Uber Hid Massive Breach That Affected Personal Data of 57 Million Passengers and Drivers for More Than a Year
Hackers accessed millions of Uber users’ personal information last year, and the company did not report it until Tuesday.
In October 2016, two people outside the company accessed the personal information of 57 million Uber users including names, email addresses and phone numbers, the company said. Hackers also accessed driver’s license numbers of around 600,000 drivers in the United States. The 600,000 was included in the total number of affected users.
The company did not alert victims or regulators of the breach when they discovered it happened.
Uber CEO Dara Khosrowshahi said in a statement he recently learned of the breach.
Khosrowshahi, who became CEO in August, said he launched an investigation into why the company did not alert authorities or individuals affected by the hack. He said, “two of the individuals who led the response to this incident are no longer with the company.” Khosrowshahi said the company is now notifying regulatory authorities.
Bloomberg reports that Joe Sullivan, Uber’s chief security officer, is no longer with the company. Uber would not confirm to CNNMoney which individuals had left the company.
“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” Khosrowshahi said in the statement.
“We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts,” he said.
Uber did not say how hackers assured the company the stolen data was destroyed. Bloomberg reported that Uber paid them $100,000. Uber would not confirm it paid this ransom.
According to the company, no location history, credit card numbers, Social Security numbers, or dates of birth were downloaded in the hack. Uber said it is providing free credit monitoring to drivers who had their license numbers exposed.
It’s the latest blow to Uber, which is trying to improve its public image. The company has been embroiled in a number of controversies, including using software called Greyball to evade regulators, a court battle over allegedly stolen secrets from Google’s self-driving car division, and a slew of complaints regarding sexual harassment and toxic company culture.
This week, the company was fined almost $9 million for background check issues in Colorado.
In his statement, Khosrowshahi said things will be different moving forward. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” he wrote.