Clickability tracking pixel

Uber Paid to Hide Hack that Compromised 57M Customers, Drivers

The company paid hackers $100,000 to erase customer and driver data that was stolen in Oct. 2016.

by Annalise Knudson, Staten Island Advance / November 22, 2017

(TNS) –– STATEN ISLAND, N.Y. -- Uber revealed this week that the company suffered a cyberattack last year that exposed personal information of 57 million customers and drivers.

Information included names, email addresses and phone numbers of millions of people around the world. Driver's licenses of about 600,000 U.S. drivers were also included in the breach.

Executives deliberately concealed the October 2016 breach after Uber became aware that two individuals inappropriately accessed user data stored in the company's third-party cloud-based service, according to a statement released by the company's chief executive Dara Khosrowshahi.

The company said none of its own systems were hacked.

Independent forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded.

According to Khosrowshahi, steps were taken immediately to secure the data and shut down further unauthorized access by the hackers. Uber identified the hackers and obtained assurances that downloaded information was "destroyed."

"We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts," Khosrowshahi said.

He added that a thorough investigation was done after executives failed to notify affected individuals or regulators last year, prompting him to take several actions.

The company paid hackers $100,000 to delete the data and keep the breach under wraps, Bloomberg reported.

To rectify the mistake, Khosrowshahi said the company will provide drivers with free credit monitoring and identity theft protection. In addition, Uber is notifying regulatory authorities and is monitoring affected accounts -- flagging them for additional fraud protection.

"None of this should have happened, and I will not make excuses for it," Khosrowshahi said. "While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers."

©2017 Staten Island Advance, N.Y. Distributed by Tribune Content Agency, LLC.

Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.

E.REPUBLIC Platforms & Programs