Uber Paid Hackers $100,000, Hid Data Breach Affecting 57 Million Uber Users


Hackers stole the personal data of 57 million Uber customers and drivers in a major data breach in 2016, new Uber CEO Dara Khosrowshahi has disclosed, seemingly in a move of good faith.

In a blog post, Uber’s new CEO has announced details of a hack that affected the ride-hailing giant’s users in 2016. The new CEO said he became aware of the hack *after* taking over as chief executive earlier this year before ordering an internal investigation over its handling.

The new CEO pointed to two individuals outside the company who had “inappropriately accessed user data stored on a third-party cloud-based service” as the perpetrators of the massive breach. The company hired digital forensics experts who determined that no trip location history, credit card numbers, bank account numbers, social security numbers or dates of birth of users being stolen.

While the Uber executive claimed the breach did not affect any corporate systems or infrastructure, the personal information of 57 million Uber users around the world whose information included names, email addresses, and phone numbers were stolen. So too were the names and driver’s license numbers of around 600,000 drivers in the United States.

The executive went on to claim that Uber took “immediate steps” to secure the data and stop other attempts by the hackers to access its data. “We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed,” Khosrowshahi said. The company told NBC News that it paid the two hackers $100,000 to delete the information and keep quiet about the situation.

Uber adds that it is individually notifying drivers whose license numbers were downloaded, providing them free credit monitoring and identity theft protection. Regulators, who were not notified of the incident, are also being informed now.

“None of this should have happened, and I will not make excuses for it,” Khosrowshahi added. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”

Following Uber’s disclosure, New York State Attorney General Eric Schneiderman has opened an investigation into the company’s cover-up of the incident. Separately, the Los Angeles federal court saw a compliant seeking a class-action status lawsuit where a customer is suing Uber for negligence.

Image credit: Pixabay.