In early 2022, Uber disclosed that data for approximately 820,000 Uber Eats delivery driver accounts had been exposed through a third-party vendor that provided marketing services for Uber Eats. The vendor experienced its own data security incident that resulted in Uber Eats driver data stored in the vendor’s systems being compromised. Exposed data included driver names, email addresses, phone numbers, and account information. Uber notified affected drivers and reported the breach to relevant regulatory authorities. The incident added to Uber’s troubled data security history (the 2016 cover-up of the 57M-record breach, the 2022 Scattered Spider network breach, and now this third-party vendor incident). Uber notified authorities in multiple jurisdictions given its global driver network. The breach highlighted the risks of sharing contractor/driver personal data with third-party marketing vendors without adequate contractual data security requirements.