In October 2016, some 57 million Uber accounts were compromised, and you never came to know about it because the ride-service provider paid hackers $100,000 to hush up the incident.
The incident was first reported by Bloomberg.
The San Francisco-based company admitted on Tuesday that hackers stole personal data consisting of the names, email addresses and phone numbers of Uber users around the world, and the names and driver’s license numbers of 600,000 U.S. drivers.
According to the company, two hackers gained access to proprietary information used by Uber and stored on GitHub, a service that allows engineers to collaborate on software code, and downloaded the information.
Discovery of the company’s cover-up of the incident resulted in the firing of its chief security officer, Joe Sullivan, and a deputy, Craig Clark, who led Uber’s response to the hack.
Travis Kalanick, then CEO of the company, got to know about the breach a month later and was not involved in the decision not to disclose the stolen data, a board committee investigation revealed.
Uber CEO Dara Khosrowshahi said he had only recently learned of the breach, which happened in October 2016.
“None of this should have happened, and I will not make excuses for it,” Khosrowshahi said in a blog post on the company website.
He added that Uber had begun notifying regulators. The New York attorney general has opened an investigation into the data breach. The company also hired Mandiant, a cybersecurity firm owned by FireEye Inc, to investigate the breach.
This is not the first case of data theft at Uber. In 2014, details of 100,000 drivers were leaked to an unknown “intruder.”
Experts also said Uber’s ransom payment is not an isolated case: an increasing number of companies are paying thieves to recover stolen data.
Khosrowshahi said on Tuesday that he had hired Matt Olsen, former general counsel of the U.S. National Security Agency, to restructure the company’s security teams and processes.