Uber Hid Hack That Left Information for 57 Million People Vulnerable
Ride-hailing company’s CEO says two that led response to massive breach no longer with the company.
Uber kept secret the theft of personal information of 57 million customers around the globe and the names and driver's license numbers of hundreds of thousands of drivers in the U.S.
In a blog post Tuesday, Dara Khosrowshahi, the ride-hailing company's CEO, said he only recently learned of the breach, which occurred in late 2016 and involved two individuals outside the company accessing user data stored on a third-party cloud-based service used by Uber.
"Outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded," Khosrowshahi wrote. Still, "a significant amount of other information" was accessed, the CEO said, including the names and license numbers of around 600,000 drivers in the United States, and information including names, email addresses, and mobile phone numbers for 57 million Uber users around the world.
"Effective today, two of the individuals who led the response to this incident are no longer with the company," said Khosrowshahi.
reported the two fired were Joe Sullivan, Uber's chief security officer, and one of his deputies.
When the incident occurred, Uber moved to secure the data and shut down further access. Uber "identified the individuals and obtained assurances that the downloaded data had been destroyed," Khosrowshahi said.
According to the Bloomberg report, the company opted to pay the hackers $100,000 to delete the data and to stay mum on the breach.
Uber is now investigating how the breach was handled and why the company failed to notify those affected or regulators last year, the executive, who took the helm of the company in September, said.
"None of this should have happened, and I will not make excuses for it," wrote the CEO, who added: "We are changing the way we do business."