Hackers stole personal information on 57 million Uber Technologies Inc. customers and drivers in October 2016, as part of a massive data breach that the ride-hailing service willingly hid from victims and U.S. regulators.
Uber told Bloomberg on Tuesday that it paid the hackers responsible $100,000 to delete the stolen data and keep the breach quiet. The company declined to disclose the identities of the offenders and said it is confident that the stolen information was never used.
“None of this should have happened, and I will not make excuses for it,” Uber chief executive Dara Khosrowshahi said in a statement acknowledging the breach and cover-up. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.” (See also: Uber Will IPO in 2019.)
According to Bloomberg, the hackers gained access to names, email addresses and phone numbers of 50 million Uber customers around the world, as well as personal information of about 7 million drivers, including 600,000 U.S. driver’s license numbers. Uber added that more sensitive information, such as location data, credit card, bank account and social security numbers, wasn’t compromised in the October 2016 attack.
Khosrowshahi said that the company has since tightened its security and “obtained assurances that the downloaded data had been destroyed.” Uber’s newly named CEO added that two of the employees responsible for failing “to notify affected individuals or regulators” following the attack were ousted. Chief security officer Joe Sullivan is believed to be one of them.
Uber’s co-founder and former CEO, Travis Kalanick, was made aware of the breach one month after it took place, the company told Bloomberg. Kalanick reportedly found out about the matter shortly after Uber settled a lawsuit with the New York attorney general over data security disclosures. (See also: Uber CEO Travis Kalanick Resigns.)
News of the company’s breach and cover-up has already prompted New York Attorney General Eric Schneiderman to launch an investigation. Bloomberg also reported that Uber is being sued for negligence by one of its customers.
“Uber failed to implement and maintain reasonable security procedures and practices appropriate to the nature and scope of the information compromised in the data breach,” according to the complaint filed Tuesday in federal court in Los Angeles.
Hackers have successfully infiltrated numerous companies in recent years, including Yahoo, now owned by Verizon (VZ), Time Inc.’s (TIME) MySpace, Target Corp. (TGT), Anthem Inc. (ANTM) and Equifax Inc. (EFX). (See also: Yahoo Says All 3 Billion Accounts Were Affected in 2013 Attacks.)
Read more: Uber Paid Hackers to Keep Massive Breach a Secret | Investopedia https://www.investopedia.com/news/uber-paid-hackers-keep-massive-breach-secret/#ixzz4zLLDGrL4
Follow us: Investopedia on Facebook