Ride hailing giant Uber is in the headlines again, and not for a good reason, again: the company has revealed that about a year ago, hackers stole personal data of 57 million customers and drivers, and instead of disclosing the breach, Uber decided to cover it up.
According to Bloomberg, the hacked data included names, email addresses, and phone numbers of 50 million Uber riders all over the world, as well as personal information, including about 600,000 driver’s license numbers, of roughly 7 million drivers. Uber said that no Social Security numbers, credit card data, trip location details, or other information were taken.
Uber said that two hackers were able to gain access to proprietary information used by Uber and stored on GitHub, which is a collaboration service that allows engineers to work on code. Then, these hackers downloaded the sensitive data, and proceeded to email Uber asking for money; Uber ended up paying them $100,000 to keep the breach secret.
Co-founder Travis Kalanick and former Uber head apparently learned of the hack a month after it happened, in November 2016, when the company was negotiating the handling consumer data with the U.S. Federal Trade Commission.
Current CEO Dara Khosrowshahi, who was named chief executive back in August after Kalanick was ousted this summer, said that he had only recently learned of the data breach, and that “none of this should have happened, and I will not make excuses for it.”
“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Khosrowshahi said. “We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
After the discovery, two employees, chief security officer Joe Sullivan and a deputy, Craig Clark, who were involved in Uber’s response to and eventual concealment of the hack, were fired.
Khosrowshahi said the company was beginning to notify regulators, and according to a spokeswoman, New York Attorney General Eric Schneiderman has launched an investigation into the hack. Additionally, U.K. regulators, including the National Crime Agency, are looking into the scale of the breach as well, notes Bloomberg; London in particular took major steps earlier this year towards banning Uber in the city.
The CEO also said that he hired former NSA general counsel Matt Olsen in order to restructure Uber’s security teams and processes; Uber has also hired cybersecurity firm Manidant, which is owned by FireEye (FEYE - Free Report) , to investigate the data breach.
Uber has plans to release a separate statement to customers addressing the data hack soon, reassuring them and saying it has witnessed “no evidence of fraud or misuse tied to the incident.”
Wall Street’s Next Amazon
Zacks EVP Kevin Matras believes this familiar stock has only just begun its climb to become one of the greatest investments of all time. It’s a once-in-a-generation opportunity to invest in pure genius. Click for details >>