Uber Says It Paid Hackers to Keep Massive Breach Quiet

SAN FRANCISCO (CN) – Ride-hail giant Uber paid hackers to keep quiet about a data breach that compromised the personal information of 57 million drivers and riders, the company’s CEO revealed in a company blog post Tuesday.

Dara Khosrowshahi, who took over as Uber’s CEO in September, said he recently learned of the October 2016 hack and immediately began investigating the company’s data security protocols.

“You may be asking why we are just talking about this now, a year later,” Khosrowshahi wrote. “I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it.”

Uber fired its security chief Joe Sullivan and one of his deputies for their roles in covering up the data breach, which included a $100,000 payout to hackers in exchange for deleting data and keeping quiet, according to Bloomberg News.

The names and driver’s license numbers of 600,000 drivers were compromised in the breach, along with the personal information of 57 million app users, including names, email addresses, and phone numbers. No social security numbers, birthdates, bank account numbers or credit numbers were downloaded, according to the company.

“None of this should have happened, and I will not make excuses for it,” Khosrowshahi said in his blog post. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”

The ride-hailing company says it will notify every driver whose license number was downloaded and provide free credit monitoring and identity theft protection for those drivers. The company says it also notified the authorities and is monitoring hacked accounts for any potential fraudulent activity.

New York Attorney General Eric Schneiderman has also launched an investigation into the hack, Bloomberg reported Tuesday. And it took only hours for the first of what will likely be many class actions over the hack to be filed, in the Central District of California.

Khosrowshahi said the company has identified the two individuals responsible for the hack and “obtained assurances that the downloaded data had been destroyed.”

The Uber CEO also hired Matt Olson, a cybersecurity consultant and former general counsel of the National Security Agency and director of the National Counterterrorism Center, to help review the company’s data security policies and safeguards.

News of the hack comes at a time when Uber’s new CEO is working to repair the ride-hailing giant’s tarnished image after a tumultuous year. Former CEO Travis Kalanick was pressured to step down in June after the company was rocked by complaints of a sexist workplace culture and revelations that it used covert programs to spy on competitors and evade local law enforcement.

Before taking over as Uber’s top executive, Khosrowshahi, 48, served as CEO of the online travel booking company Expedia, which saw its gross value quadruple during his 12-year tenure.


%d bloggers like this: