Uber Technologies Inc has admitted that it concealed a fact for a year that hackers stole personal data of some 57 million users including riders and drivers.
Media reports further suggested that the company paid $100,000 to hackers for not disclosing the massive breach last year 2016.
In a statement, UBER CEO Dara Khosrowshahi said: “I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use. The incident did not breach our corporate systems or infrastructure”.
Earlier this week, the ride-hailing company fired its chief security officer Joe Sullivan, and a deputy, Craig Clark due to their role in the handling of the incident.
He added “The names and driver’s license numbers of around 600,000 drivers in the United States” were stolen. Information “included names, email addresses and mobile phone numbers” of “57 million Uber users around the world” were downloaded by the attackers.
He further clarified that “trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth” were not downloaded.
Following the incident, he said that the company “identified the individuals and obtained assurances that the downloaded data had been destroyed”. “We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts”.
He said taking further action “We are individually notifying the drivers whose driver’s license numbers were downloaded. We are providing these drivers with free credit monitoring and identity theft protection. We are notifying regulatory authorities”.
The company did not get evidence of fraud or misuse related to the incident, he said. Khosrowshahi said “I will not make excuses for it,” adding, “We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers”.
In the past, Uber has been failed to protect driver and passenger data. Hackers previously stole information about Uber drivers and the company acknowledged in 2014 that its employees had used a software tool called “God View” to track passengers.
