(FinancialPress) — Rider names, email addresses and mobile phone numbers, as well as the names and driver‘s license numbers of around 600,000 U.S. Uber drivers were stolen in a 2016 data breach that the company chose to silence by paying off the responsible parties.
Uber Technologies Inc. paid $100,000 to hackers in exchange for their silence on a massive data breach occurred in 2016. The breach compromised the information of close to 57 million users of the platform, the company itself revealed on Tuesday.
Fara Khostowshahi, the newly-appointed CEO who succeeds Travis Kalanick, revealed that two employees were terminated for their responsibility in the response to the attack taken by the company as soon as the cover-up was discovered.
“None of this should have happened, and I will not make excuses for it,” Khosrowshahi wrote in a company blog post
The attack went down in October 2016, but the CEO revealed she only learned of it recently.
This hack adds to the woes of the U.S. based company, which is already target of controversy due to the wave of sexual harassment in the workplace allegations, a suit for theft of trade secrets and a battery of federal criminal probes that led to former CEO Kalanick‘s removal back in June 2017 – which was followed by the August appointment of Khosrowshahi
No fraud was discovered, so users can rest at ease. The driver affected by the breach will be given free identity theft protection and credit protection by the company.
The breach happened after two hackers attained proprietary information on Github – a collaborative software code platform. The hackers stole credentials for a different cloud-service provider and reached driver and rider data, said the company. GitHub denies responsibility in the issue.
“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Khosrowshahi said.
“We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
and second by misrepresenting that it took reasonable steps to secure that data.” The data breaches, while small in comparison to Yahoo’s 3 billion-account cyberattack, is the latest of several missteps within the ride-hailing giant. The company has fielded scrutiny over allegations of sexual harassment and workplace misconduct, has lost numerous executives amid dissent within the board of directors, and has sparred with regulators from London to Singapore. Former CEO Travis Kalanick knew about the 2016 hack. “You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it,”