A massive data breach exposed the personal information of some 57 million Uber customers and drivers more than a year ago, but those potentially affected never knew about the hack because Uber paid the hackers to keep it a secret.
According to Bloomberg Technology, the data stolen by two individuals included the names, email addresses, and phone numbers of about 50 million Uber riders and seven million Uber drivers. The hackers also accessed 600,000 U.S. driver’s license numbers.
Federal law requires companies to report data breaches to regulatory authorities promptly, but Uber instead paid the hackers $100,000 to delete the stolen files and stay quiet about their October 2016 break-in, Bloomberg reported.
According to Bloomberg, Uber said the two hackers “accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money …”
Uber chief security officer Joe Sullivan, who orchestrated the cover-up, was asked to resign by Dara Khosrowshahi, who took over as president after co-founder and CEO Travis Kalanick was forced out amid accusations of fostering a sexist corporate culture. Mr. Khosrowshahi also fired Craig Clark, a senior lawyer who reported to Sullivan.
Uber says that there is “no evidence of fraud or misuse tied to the incident.”
“We are monitoring the affected accounts and have flagged them for additional fraud protection, “the company added, saying it will provide the drivers whose licenses were compromised in the hack free credit protection and protection from identity theft.
The data breach coverup is the latest in a series of dubious moves Uber has made in its short history. Since 2009, the company has become the subject of at least five federal criminal investigations of “possible bribes, illicit software, questionable pricing schemes and theft of a competitor’s intellectual property,” sources told Bloomberg.
Uber’s shady record has prompted the city of London and a number of other governments worldwide to take measures toward banning the company’s services, Bloomberg reported.