Uber suffered a security breach last year that may have compromised the sensitive information of up to 50,000 drivers in the U.S.
In a statement, Uber confirmed that a database containing the names and driver’s license numbers of the drivers had a security vulnerability that could have been exploited by hackers.
Uber wouldn’t say how it discovered the breach, but did admit that a third party gained unauthorized access once in May 2014. Uber discovered the breach in September that year.
The vulnerability has been patched, Uber says; the ride-sharing company began contacting affected drivers last Friday about the incident. As a consolation, Uber offered all drivers a free one-year membership to an identity protection service.
Uber has also filed what is called a “John Doe” lawsuit so “that we are able to gather information that may lead to confirmation of the identity of the third party.”
Uber has faced a controversial year, including a scandal surrounding the alleged rape of a woman in New Delhi, India, by an Uber driver.
Uber also faced backlash regarding rider privacy when an executive threatened to expose dirt on journalists critical of Uber.
Data breaches at major corporations and banks have become increasingly common. Businesses including Target and Home Depot, as well as banking institutions like JPMorgan Chase, have faced significant security breaches. Just this month, Anthem — the nation’s second-largest health insurer — revealed it had been compromised by hackers.
Uber apologized for any “inconvenience” it may have caused the drivers following the breach.