Uber says it paid hackers $100,000 after they stole data final yr on 57 million of its customers.
The startup didn’t disclose the assault till Tuesday, including a possible cowl as much as an inventory of latest company controversies.
Uber mentioned that two people exterior the corporate accessed the non-public data of 57 million Uber customers in late 2016, together with names, electronic mail addresses and cellphone numbers. The license numbers of round 600,000 drivers in america have been included in the breach.
The corporate didn’t alert victims or regulators of the breach when it was first found.
Britain’s data safety watchdog mentioned the information raised “enormous issues” about Uber’s data insurance policies and ethics.
“If U.Ok. residents have been affected then we should always have been notified in order that we might assess and confirm the influence on people whose data was exposed,” mentioned James Dipple-Johnstone of the U.Ok. Data Commissioner’s Workplace.
Uber CEO Dara Khosrowshahi mentioned in a press release he lately realized of the breach.
Khosrowshahi, who grew to become CEO in August, mentioned he launched an investigation into why the corporate didn’t alert authorities or affected people. He mentioned, “two of the people who led the response to this incident are not with the corporate.” Khosrowshahi mentioned the corporate is now notifying regulatory authorities.
Bloomberg reported that Joe Sullivan, Uber’s chief safety officer, is not with the corporate. Uber wouldn’t affirm to CNNMoney which people had left the corporate.
Associated: Uber’s PR crises present no signal of letting up
“On the time of the incident, we took fast steps to safe the data and shut down additional unauthorized entry by the people,” Khosrowshahi mentioned in the assertion.
“We subsequently recognized the people and obtained assurances that the downloaded data had been destroyed. We additionally carried out safety measures to limit entry to and strengthen controls on our cloud-based storage accounts,” he mentioned.
Uber didn’t say how hackers assured the corporate the stolen data was destroyed, but it surely did affirm that $100,000 was paid to the hackers.
Based on the corporate, no location historical past, bank card numbers, Social Safety numbers, or dates of delivery have been downloaded in the hack. Uber mentioned it’s offering free credit score monitoring to drivers who had their license numbers exposed.
It is the newest blow to Uber, which is making an attempt to enhance its public picture. The corporate has been embroiled in quite a lot of controversies, together with utilizing software program known as Greyball to evade regulators, a court docket battle over allegedly stolen secrets and techniques from Google’s self-driving automobile division, and a slew of complaints relating to sexual harassment and poisonous firm tradition.
This week, the corporate was fined virtually $9 million for background examine points in Colorado.
In his assertion, Khosrowshahi mentioned issues will probably be totally different transferring ahead. “Whereas I can not erase the previous, I can commit on behalf of each Uber worker that we are going to be taught from our errors,” he wrote.
— Samuel Burke contributed reporting.
CNNMoney (San Francisco) First printed November 21, 2017: 6:27 PM ET