Uber is confronted with a new cybersecurity incident after malicious actors stole a portion of its data from Teqtivity, a 3rd vendor that offers resource planning and monitoring services.

“We are aware that our customer data has been compromised as a result of unauthorized access to our systems by a malicious party,” Teqtivity said in a statement. “A third party gained access to our Amazon web services backup server, which housed Teqtivity code as well as data files of Teqtivity customers.”

Although the investigation is still ongoing, Teqtivity wishes to notify you that it never collects or maintains personal information, banking information, or government identification numbers. It says that it has already alerted affected customers and is taking measures to prevent a similar incident from happening again.

“We apologize for any inconvenience this may have caused and deeply regret this situation. We value your trust in our ability to protect your company’s data and your sense of security, “the company said.

The dates of the attacks on Teqtivity and Uber have yet to be determined. However, a threat actor known as “UberLeaks” began leaking the stolen data on BreachForums. A notorious site submitted data breaches, around early Saturday morning, according to the threat actor.

UberLeaks claimed that the information came from Uber and Uber Eats. Even so, the leakage is believed to have included records that usually contain source code for Uber. Also, the Uber Eats, and Teqtivity mobile phone management (MDM) platforms were affected. Worker email addresses, business reports, information destruction reports, IT investment management reports, Windows login identities, email accounts, and other company data were also disclosed in the leaks.

Previous Known facts about Uber

UberLeaks established different topics for the MDMs for the brands listed above, each quoting a member of Lapsus$. The cyber-attack group was implicated in the September Uber breach.

Uber told BleepingComputer that the files were unrelated to the September security breach. “Based on our preliminary review of the available information. The code does not belong to Uber; nevertheless, we are still looking into this matter.”

The information leaked may not contain customer data. Still, security experts who examined it said there was enough to launch aimed phishing against Uber employees who could be duped into handing over their credentials.

Uber has been involved in several data theft and scandals. A teen hacker allegedly breached its network in September. He damaged an employee’s access and got entry to its internal Slack chat app. Six years prior, the personal information of 7 million drivers, including 600,000 driver’s license numbers, was compromised. Uber admitted in July of this year to covering up the 2016 data breach. Uber will take the assistance of its former head security officer, Joe Sullivan. Sullivan was charged with obstructing the administration of justice.

Reference