Uber Covered Up a Cyberattack Last Year That Exposed Data of 57 Million Riders and Drivers
Uber suffered a large-scale cyberattack in October of 2016 that exposed the confidential user data of 57 million customers and drivers, according to a Bloomberg report published today. Former CEO Travis Kalanick was informed of the hack just one month after it transpired, but it was not publicly announced and in fact was concealed by Chief Security Officer Joe Sullivan and his subordinates, the report says, leading Uber to fire the executive and one of his lieutenants this week.
The company allegedly paid its hackers a $100,000 ransom to delete the data and not publicize the breach to media or regulators. “None of this should have happened, and I will not make excuses for it,” current CEO Dara Khosrowshahi, who replaced Kalanick as chief executive back in September, told Bloomberg. “We are changing the way we do business.” Uber reportedly declined to identify the attackers.
The exposed data included names, email addresses, and phone numbers of more than 50 million Uber riders worldwide; more than 7 million Uber drivers had similar data exposed, along with driver’s license numbers for around 600,000 US drivers. Bloomberg says Uber, at the time of the breach, was talking with US regulators over separate privacy violations and had just settled with the Federal Trade Commission over mishandling of consumer data, leading Sullivan to spearhead a cover-up to avoid further fallout over its security and privacy practices. Uber’s board of directors initiated an investigation of Sullivan’s team last month, leading to disclosure of the hack and its concealment.