Uber Technologies Inc. said an unauthorized third party accessed the company's database last year and may have taken data on about 50,000 drivers.
The drivers were notified, and Uber has taken legal steps to gather information about the breach, the mobile car-booking company said in a statement on its website Friday.
The unauthorized access, which happened in May 2014, follows Uber's tussles with regulators around the world, which are seeking more information on whether drivers are carrying the right licenses and insurance. This week, Uber agreed to provide Maryland's Public Utility Commission with the names of its drivers in the state after authorities sought to regulate its operations. While the data breach only affected a "small percentage" of Uber's drivers, according to the company, it underscores the sensitivity of the data collected as part of Uber's operations.
"To date, we have not received any reports of actual misuse of any information as a result of this incident, but we are notifying impacted drivers and recommend these individuals monitor their credit reports for fraudulent transactions or accounts," Katherine Tassi, Ubers managing counsel for data privacy, said in the statement.
Uber said the data breach was detected in September and included only the names and drivers' license numbers. Uber is offering a year of free identity protection services for affected drivers, the company said.