Uber has admitted that 2.7 million people in the UK were affected by a 2016 security breach that compromised customers’ information, including names, email addresses and mobile phone numbers.
The ride-hailing company had previously disclosed that 57 million people worldwide were affected by a breach that it covered up for more than a year.
It published an estimate of the number of UK drivers and passengers for the first time, prompting concern from the mayor of London, where Uber is already battling a decision to revoke its licence to operate.
“This latest shocking development about Uber will alarm millions of Londoners whose personal data could have been stolen by criminals,” Sadiq Khan, Mayor of London, said.
“Uber needs to urgently confirm which of their customers are affected, what is being done to ensure these customers don’t suffer adversely, and what action is being taken to prevent this happening again in the future.
“The public will want to know how there could be this catastrophic breach of personal data security.”
The data regulator, the Information Commissioner’s Office (ICO), said it was yet to receive technical reports on the incident and called on Uber to alert affected customers as soon as possible.
Uber said the figure of 2.7 million, more than half of its 5 million UK customer base, was an “approximation rather than an accurate and definitive count” because it could not always tell where each customer was located.