What a year it’s been for Uber: an investigation into workplace sexism, Greyball, the Hell Software, lawsuits, the medical records scandal, Kalanick’s resignation, a London ban, etc. Now, the company is facing yet another crisis after it was revealed hackers stole the personal data of 57 million customers and drivers.
The ride-hailing giant has admitted that it failed to notify the affected individuals and regulators about the breach, which took place on October 26, 2016. Perhaps most damning of all, it paid the hackers responsible $100,000 to delete the data and stop the incident becoming public knowledge, reports Bloomberg.
Information accessed by the hackers included names, email addresses, and phone numbers of 50 million Uber customers worldwide. The personal details of 7 million drivers were also stolen, including 600,000 US drivers’ license numbers. The company says sensitive data such as bank account numbers, trip location history, social security numbers, and birth dates had not been compromised.
Uber CEO Dara Khosrowshahi said he was only recently made aware of the incident. “None of this should have happened, and I will not make excuses for it,” he explained in a statement. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”
Although Uber had “obtained assurances that the downloaded data had been destroyed,” Khosrowshahi has terminated the employment of two employees that were responsible for the company’s “failure to notify affected individuals or regulators." Chief security officer Joe Sullivan was one of those let go.
Uber said it will provide free credit monitoring and identity theft protection to affected drivers. The company added that customers don’t have to take any further action but should monitor their credit and other accounts.
Khosrowshahi said he is working with Matt Olsen, co-founder of cybersecurity consulting firm IronNet Cybersecurity, to outline new security measures for Uber going forward.
Uber has now notified authorities of the breach. The New York Attorney General’s office has opened an investigation into the matter.
Yesterday brought news that Uber had been hit with an $8.9 million fine for allowing people with felony convictions and motor vehicle offenses to become drivers.