It’s emerged that hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc but that the company concealed the breach for more than a year.
Bloomberg reports that Uber paid US$100,000 to the attackers to stop them using the data and adds that compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world.
The company told Bloomberg that personal information of about 7 million drivers was accessed as well, including some 600,000 American driving license numbers.
The report adds that at the time, Uber was negotiating with regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose numbers were taken. Instead, the company paid hackers to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.
This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps.
“None of this should have happened, and I will not make excuses for it,” Dara Khosrowshahi, who took over as chief executive officer in September, said in an emailed statement. “We are changing the way we do business.”