At a glance.
- Account hijacking leads to carjackings.
- Data breach in California town.
Identity fraud as a prelude to robbery.
The Wall Street Journal offers a look at a crime wave targeting drivers employed by ride-sharing companies like Uber and Lyft, and the security issues within the apps could be partially to blame. Massive spikes in carjackings in recent months have plagued US cities like Minneapolis, where there was a 279% increase in carjackings reported through November 2021, and ride-share drivers accounted for 11% of those cases. Lyft spokeswoman Ashley Adams stated, “We’re committed to doing everything we can to help keep drivers safe.”
Indeed, ride-sharing apps do already have some baked-in security features. Both Uber and Lyft’s apps sport an emergency button that automatically connects the driver to 911 and shares GPS coordinates with dispatchers, and Uber is testing a new feature that will allow drivers to record audio during a trip. While drivers must upload ID photos and undergo background checks to screen for criminal history, passengers are not required to disclose their identities or upload selfies, making it easy for wrongdoers to hijack user accounts. Ride-sharing companies argue that they can’t force passengers to verify their accounts, and that regulating passenger background checks would cost too much time and money. Ricardo Amper, CEO and founder of Incode wrote to say that this represents a trend, that crime enabled by identity fraud has been rising:
“In the era of Uber and rideshare, there’s no real way to verify someone is who they say they are, which poses a huge security risk for people. An Uber driver can say they are someone, but there is no true way for the passenger to prove this - and vice versa.
"This has caused an increase in crimes and attacks by people utilizing a deep fake, or false identity. There can no longer be trust in what someone claims, it needs to be proven. By maximizing the power of biometrics and simplifying the process of identity verification, there’s an opportunity to prevent identity theft related crimes such as carjacking by authenticating all parties before pickup occurs.”
Data breach exposes private data of California town residents.
Grass Valley, a town in the US state of California suffered a data breach that exposed the private data of residents who interacted with the local police department or applied for a loan from the Community Development Department. ZDNet reports that the breach was the result of the illicit exfiltration of city files between April and July of 2021, and the compromised data includes names, Social Security numbers, driver's license numbers, financial and payment account information, health insurance information, and passport numbers.
City government officials say they were unable to ascertain the scope of the breach until this December, and in January they began notifying victims and offering free credit monitoring to those whose Social Security or driver's license numbers were exposed. That said, officials say they are unable to look up whether specific individual residents were impacted. “Rather, we ask that if you fall into one of these categories that you specify to the call center the category in which you fall, and ask to have them provide you with a use-code to enroll in Experian's IdentityWorksSM credit monitoring service."