Uber Conceals Information About Hack for More Than a Year
Uber concealed information for more than a year that hackers had stolen the personal data of 57 million Uber users and drivers.
In a statement on the 2016 attack, Uber also published resources for riders and drivers.
Apparently two people were responsible for the hack on a third-party cloud service.
The statement said the duo stole names and driver’s license numbers of around 600,000 drivers in the U.S., as well as rider names, email addresses and mobile phone numbers.
Fortunately, other information like location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth do not appear to have been stolen.
“All affected drivers will get free credit monitoring and identity theft protection.
“None of this should have happened, and I will not make excuses for it,” CEO Dara Khosrowshahi said in the statement.
Khosrowshahi was not with the company at the time of the hack attack, having joined as CEO just this fall.
It is learnt that Uber paid the hackers $100,000 to delete the data and keep the breach quiet. They also did not report the incident.
The ride-hailing company also fired chief security officer Joe Sullivan who was previously security boss at Facebook for his role in hiding the data breach.
“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorised access by the individuals.
“Following this, we identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures,” Uber said in a statement.
However, it did not address the payment.
New York Attorney General Eric Schneiderman launched an investigation into the hack, according to Press Secretary Amy Spitalnick.
Earlier this year, Uber agreed to 20 years of privacy audits after the FTC said it had “failed consumers” after a 2014 data breach.
In that separate case, the FTC said Uber failed consumers by misrepresenting the extent to which it monitored its employees’ access to personal information about users and drivers, and by misrepresenting that it took reasonable steps to secure that data.
The data breaches, while small in comparison to Yahoo’s 3 billion-account cyberattack, is the latest of several missteps within the ride-hailing giant.
The company has fielded scrutiny over allegations of sexual harassment and workplace misconduct, has lost numerous executives amid dissent within the board of directors, and has sparred with regulators from London to Singapore.
Former CEO Travis Kalanick knew about the 2016 hack.
“You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it,” new CEO Khosrowshahi said of the breach.
The systems used by companies with all kinds of confidential data involved must be secured in the best possible way. IT security experts are one of the most important team members in the company to protect data breach. Data security is crucial for every business, all data is important data, regardless of a company’s size.