Cyber Incident Victim: Teqtivity
Date:
Dec 2022
Location:
United States of America
Summary
A cybersecurity incident involving a third-party technology supplier compromised an AWS backup server, exposing data related to over 77,000 employees of a ridesharing company and its food delivery service. The breach revealed employee work email addresses, full names, workplace locations, and device information including serial numbers, technical specifications, and models. No sensitive personal data, financial records, customer information, or government identification numbers were accessed. The supplier engaged third-party forensic investigators and security teams, notified law enforcement, and implemented containment measures to prevent recurrence. The incident highlighted risks associated with third-party infrastructure vulnerabilities impacting organizational data security.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In early December 2022, technology supplier Teqtivity experienced unauthorized access to its AWS backup server, compromising data related to its customers, including Uber and UberEats. The breach exposed device information such as serial numbers, makes, models, and technical specifications, alongside employee details including first names, last names, work email addresses, and work location information. Teqtivity confirmed the incident stemmed from a malicious third party infiltrating their infrastructure, specifically targeting backup files containing code and customer data. Uber clarified that the breach impacted over 77,000 of its employees but emphasized no customer data, financial records, or sensitive personal information like home addresses, banking details, or government identification numbers were exposed. The compromised data resided solely within Teqtivity’s systems, with no evidence suggesting direct infiltration of Uber’s internal networks. Teqtivity’s breach notification on December 12, 2022, confirmed the scope of the incident while underscoring their policy of not collecting extraneous personal data, limiting the exposure’s severity.
Following the breach, Teqtivity engaged a third-party forensics firm to analyze server logs and configurations, while a separate security team conducted penetration tests to identify vulnerabilities. The company notified law enforcement and affected customers, including Uber, and implemented measures to contain the incident and prevent recurrence. Uber publicly addressed the event as a supply chain compromise, distancing it from their direct infrastructure and reiterating prior security improvements following historical breaches, such as the 2016 incident affecting 57 million user and driver records. Cybersecurity experts highlighted the breach as emblematic of third-party risks, noting that attackers increasingly target suppliers to indirectly access corporate systems. The incident underscored operational disruptions for Uber, requiring internal communications and assurances to employees regarding data exposure, while Teqtivity faced reputational scrutiny over its data handling practices. Historical context from Uber’s previous breaches, including legal fines and settlements, added scrutiny to their vendor management protocols amid renewed focus on supply chain vulnerabilities.