Justice Department Opens Investigation Into Uber Data Breach

The Department of Justice is investigating a data leak at Uber, including whether or not employees at rival Lyft had anything to do with the incident.

Popular ride-hailing service Uber revealed earlier this year that data on as many as 50,000 of its drivers had been accessed without its consent in May 2014. A subsequent Uber investigation found that an Internet address possibly associated with the leak was traced to Lyft’s technology chief Chris Lambert, Reuters reported in October based on two anonymous sources.

Uber did not allege a direct connection between the Internet address linked to Lambert and the hack, however, and the Lyft executive’s attorney, former federal prosecutor Miles Ehrlich, said he “had nothing to do with the breach.”

Justice Department spokesman Abraham Simmons said Wednesday that he could not confirm or deny a criminal investigation. There have been no formal accusations in the matter and it is unclear if anyone will ultimately be charged.

Uber and Lyft, both based in San Francisco, are in competition for drivers and customers—though Lyft is much smaller than its giant rival. Uber filed a civil lawsuit in San Francisco federal court in February to attempt to identify the culprit, but the person responsible remains unidentified.

The lawsuit alleges the hacker violated the federal Computer Fraud and Abuse Act, as well as a similar California law. It is unclear if the stolen information was used by the hacker or anyone else.

On Friday, Lyft said again that it had investigated the matter previously and that “there is no evidence that any Lyft employee, including Chris, downloaded the Uber driver information or database, or had anything to do with Uber‘s May 2014 data breach.”

[Reuters]