Uber is in the soup once again. Adding to its unfortunately long list of mess, Uber has now been reported to have paid off hackers who stole personal data of 57 million Uber customers and drivers. This massive breach that the company concealed for more than a year apparently, was now finally acknowledged by Uber.
As per a Bloomberg report, Uber ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps. This also included a $100,000 payment to the hackers. This attack that took place in October 2016, had an extensive scope – 50 million customers had their names, e-mail addresses, and phone numbers stolen, while 7 million drivers had their personal information, including driver’s license numbers, compromised as well. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.
Now as per law, in case of any such attack, or even an attempt, a company is obligated to report it to its customers, drivers, and various state and federal regulatory agencies. However, after Travis Kalanick learnt of the hack in November 2016, he reportedly decided against informing about the same. Instead, Chief Security Officer Joe Sullivan and a deputy paid the hackers $100,000 to keep things quiet, and relinquish data. Uber said it believes the information was never used, but declined to disclose the identities of the attackers.
However, unlike Kalanick, present CEO Dara Khosrowshahi has acknowledged the issue, and promised to deal with it. He told Bloomberg, “None of this should have happened, and I will not make excuses for it. We are changing the way we do business.” Vanity Fair further reports Khosrowshahi saying, “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”
“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” Khosrowshahi was quoted as saying. “We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”
The news of the hack comes when Uber is already dealing with the ongoing legal battle with self-driving car company Waymo, the fallout from a devastating sexual harassment scandal, and multiple ongoing investigations into past improper business tactics.