Uber paid $100,000 to cover up the 2016 hack of 57 million customers
Uber just can’t seem to stay out of the news. Even with a newly minted CEO dead-set on tidying up the company’s tarnished reputation, Uber still manages to find itself embroiled in scandal after scandal. The most recent addition to Uber’s growing list of transgressions involves efforts by the company to conceal the fact that hackers managed to steal personal data belonging to 57 million drivers and Uber customers.
The attack initially took place in November of 2016, though Uber didn’t learn that there was a breach until one month later. The compromised information included email addresses and upwards of 600,000 driver’s license numbers. Notably, there’s no indication that social security numbers or banking information was compromised.
Don't Miss: The best Black Friday TV deals you can get right now from Walmart, Best Buy, and more
Seeing as how driver’s licence information was taken, Uber was legally obligated to alert both drivers and regulators to the breach. Instead, Uber, which at the time was already entangled with other privacy-related issues, opted to pay off the hackers to the tune of $100,000 in exchange for their silence.
Though Uber maintains that the accessed data was never used maliciously, it goes without saying that any company in possession of your sensitive information should never try and hide the fact that said information was compromised.
Uber’s statement on the matter, penned by CEO Dara Khosrowshahi, reads as follows:
As Uber’s CEO, it’s my job to set our course for the future, which begins with building a company that every Uber employee, partner and customer can be proud of. For that to happen, we have to be honest and transparent as we work to repair our past mistakes.
I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use. The incident did not breach our corporate systems or infrastructure.
Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded. However, the individuals were able to download files containing a significant amount of other information, including:
The names and driver’s license numbers of around 600,000 drivers in the United States. Drivers can learn more here.
Some personal information of 57 million Uber users around the world, including the drivers described above. This information included names, email addresses and mobile phone numbers. Riders can learn more here.
At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals. We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it. What I learned, particularly around our failure to notify affected individuals or regulators last year, has prompted me to take several actions:
None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.
BGR Top Deals:
Trending Right Now:
