Cyber Incident Victim: Genova Burns LLC
Date:
Jan 2023
Location:
United States of America
Summary
A cybersecurity breach at Genova Burns LLC exposed sensitive personal information of Uber drivers, including names and Social Security or Tax Identification numbers, which the law firm held during legal representation work. Unauthorized system access led to data exfiltration, detected through suspicious activity and investigated with third-party forensic assistance. The firm responded by alerting law enforcement, resetting system credentials, and committing to security improvements. Impacted drivers, primarily those operating in New Jersey, received notifications and complimentary credit monitoring services, though no confirmed misuse of stolen data was identified. This incident represents another third-party compromise affecting Uber-associated data, following prior breaches involving other external vendors that similarly exposed driver or employee records.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 31, 2023, law firm Genova Burns LLC detected suspicious activity within its IT systems, prompting an investigation by a forensic security team. The probe determined that an unauthorized third party had gained access to the firm’s systems between January 23 and January 31, 2023, resulting in the exfiltration of certain limited files. The compromised data included personal information belonging to Uber drivers who had completed trips in New Jersey, specifically their names and Social Security numbers or Tax Identification numbers. Genova Burns possessed this data as part of its legal representation work for Uber. Following the investigation, the firm notified law enforcement agencies, reset all system passwords, and committed to implementing additional security measures to prevent future incidents. The firm stated it had no evidence of actual or attempted misuse of the stolen data but did not disclose technical details of the intrusion or specific security improvements undertaken.
Uber was notified of the breach by Genova Burns in March 2023 and subsequently informed affected drivers, offering them 12 months of complimentary credit monitoring and identity protection services. The breach marked another third-party incident impacting Uber driver data, following a December 2022 breach involving Uber supplier Teqtivity, which exposed employee information. Genova Burns’ intrusion notice emphasized a "comprehensive review" to identify compromised records but did not disclose the total number of affected drivers. The law firm declined to answer media inquiries regarding attack vectors or remediation specifics. This incident occurred against a backdrop of prior Uber data breaches, including a 2016 theft of 57 million customer and driver records and a September 2022 compromise by a Lapsus$ affiliate who accessed internal systems. Uber reiterated that no customer data was involved in the Genova Burns incident, limiting the impact to driver information held by the firm for legal purposes.