Uber the global cab aggregator, covered up a major data breach which occurred in October 2016 by paying the hackers $ 100,000. The breach exposed the data of some 57 million accounts of the ride service provider. The personal information of about 7 million drivers along with the license information of 600,000 US drivers was also stolen. However, the company claims the information was never used by the hackers.
Uber’s new CEO, Dara Khosrowshahi said the employees responsible for handling the data breach were fired for covering up the incident after the matter was brought to his attention. “None of this should have happened and I will not make excuses for it,” he said in a blog post on the company website. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” he added.
Last year, Uber faced multiple scandals including sexual harassment allegations, a lawsuit alleging trade secrets theft and multiple federal criminal probes. At the time of the hack, Uber was negotiating with US regulators investigating separate claims of privacy violations. The company, according to Bloomberg, had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken.
Two hackers gained access to GitHub and all the proprietary information used by Uber including names, email addresses and mobile phone numbers of Uber users around the world. New York Attorney General Eric Schneiderman launched an investigation into the hack on Tuesday. A customer also sued the company for negligence over the breach on behalf of the users affected, seeking a class action status.
Uber’s Chief Security Officer Joe Sullivan and a deputy Craig Clark were the two employees fired for their role in hiding the security incident. VCCircle reported, Kalanick was informed about the breach a month later. A board committee tasked with investigating the breach concluded neither Kalanick nor Uber’s general counsel of the time, Salle Yoo, were involved in the decision to not disclose the stolen data.
In an attempt to restructure the security teams and processes, Matt Olsen, former General Counsel of the US National Security Agency, was hired by the company. At the same time, cybersecurity firm owned by FireEye Inc., (FEYE.O,) Mandiant, will be investigating the security breach.