Uber covered up major 2016 data breach, paid hefty ransom

E-hailing company Uber hushed up a data breach that affected 57-million drivers and riders’ personal information for over a year, CEO Dara Khosrowshahi has disclosed.

The company paid a US$100 000 ransom to the two hackers who said they would delete their copies of the data — a decision made by the company’s chief security officer Joe Sullivan and founder and CEO Travis Kalanick, according to The New York Times.

Sullivan, who previously worked for Facebook, has been fired. Kalanick resigned as CEO in June, though he remains on the company’s board.

The stolen information included names, email addresses, and phone numbers. For US drivers, it included driver’s license numbers. The company says its forensic experts have not found evidence that credit card information, location history, or dates of birth were downloaded.

The hackers targeted a third-party cloud-based service Uber uses, and then demanded the US$100 000 ransom.

Not only did the company comply, but it actively sought out the hackers and pushed them to sign a non-disclosure agreement. Uber then covered up the payment by disguising it as part of its “bug bounty” programme that rewards hackers who find weak spots in its system.

The New York attorney general has opened an investigation into the matter.

Uber’s attempt at protecting its reputation in late 2016 was in vain. Early this year, the company faced controversies including accusations of a work environment that protected men found guilty of sexual harassment.

The company hired Khosrowshahi as CEO as a means to clean up its image — and now he’s being forced to work double time.

“None of this should have happened, and I will not make excuses for it,” Khosrowshahi wrote in a statement. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”

Feature image: Núcleo Editorial via Flickr (CC BY 2.0, edited)

More

News

Sign up to our newsletter to get the latest in digital insights. sign up

Welcome to Memeburn

Sign up to our newsletter to get the latest in digital insights.