Uber paid hackers $100K to cover up a 2016 data breach exposing more than 57M users
- In 2016, Uber suffered a data breach that compromised the personal information of 57 million users and 600,000 of its drivers, the company announced Tuesday. When the breach was first discovered, the company paid hackers $100,000 to delete data and cover up the breach, according to a Bloomberg report.
- In a statement, Uber's new CEO, Dara Khosrowshahi, said two hackers accessed data stored on a third-party cloud service last year but did not breach corporate systems. The breach compromised the names and driver's license numbers of the drivers and data including the names, email addresses and mobile phone numbers of Uber users.
- Outside security experts found no evidence location history, credit card numbers, Social Security numbers or dates of birth were downloaded. Khosrowshahi called for a thorough investigation into the incident and how it was handled, and the company has since notified regulatory bodies and affected drivers, among others.
When Khosrowshahi joined Uber in August, he was tasked with reshaping the culture of a tech unicorn that had become embroiled in multiple scandals. Now, in his first few months in the job, he will have to work to appease regulators.
"None of this should have happened, and I will not make excuses for it," Khosrowshahi said. "While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes."
In response to how the breach was handled, Joe Sullivan, chief security officer, and Craig Clark, senior lawyer, are no longer with the company, The Wall Street Journal reports.
When breaches occur, regulators and consumers alike want accountability. In many cases, the CEO is removed, making room for a new era of leadership. But in Uber's case, the company is already working to revamp its image. And paying for a breach cover up could damage the company even further, highlighting just how much repair its reputation needs.
Khosrowshahi continues calls for transparency. As one of its remediation efforts, Uber brought on a leading cybersecurity expert, Matt Olsen, to rethink the company's security structure and strategy going forward.
Follow Naomi Eide on Twitter