Report: U.S. Justice Dept Probes Data Breach at Uber

Cyber SecurityReuters

The U.S. Department of Justice is pursuing a criminal investigation of a May 2014 data breach at ride service Uber, including an examination of whether any employees at competitor Lyft were involved in the episode, sources familiar with the situation said.

Continue Reading Below

Earlier this year, Uber revealed that as many as 50,000 of its drivers' names and their license numbers had been improperly downloaded. An investigation by Uber determined that an Internet address potentially associated with the breach can be traced to Lyft's technology chief, Chris Lambert, Reuters reported in October.

Department of Justice spokesman Abraham Simmons said on Wednesday he could not confirm or deny a criminal probe. No one has been accused of any wrongdoing, and it is unclear whether anyone will ultimately be charged in connection with the breach.

A recently hired attorney for Lambert, former federal prosecutor Miles Ehrlich, said Lambert "had nothing to do" with the breach.

"Given that Uber apparently lost driver data, a law enforcement investigation is to be expected," Ehrlich said. "And the benefit is that the culprit here is going to be identified - and that's going to remove Chris' name from any conversation about Uber's data breach, as it should."

In a statement on Friday, Lyft said "we have not been contacted by the DOJ, U.S. Attorney's office or any other state or federal government agency regarding any investigation."

Uber declined to comment. The people familiar with the matter could not be named because they were not authorized to speak publicly.

By Joseph Menn and Dan Levine