Uber says it paid hackers $100,000 after they stole data last year on 57 million of its users.
The startup did not disclose the attack until Tuesday, adding a potential cover up to a list of recent corporate controversies.
The company did not alert victims or regulators of the breach when it was first discovered.
Britain’s data protection watchdog said the news raised “huge concerns” about Uber’s data policies and ethics.
“If U.K. citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed,” said James Dipple-Johnstone of the U.K. Information Commissioner’s Office.
Uber CEO Dara Khosrowshahi said in a statement he recently learned of the breach.
Khosrowshahi, who became CEO in August, said he launched an investigation into why the company did not alert authorities or affected individuals. He said, “two of the individuals who led the response to this incident are no longer with the company.” Khosrowshahi said the company is now notifying regulatory authorities.
Bloomberg reported that Joe Sullivan, Uber’s chief security officer, is no longer with the company. Uber would not confirm to CNNMoney which individuals had left the company.
“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” Khosrowshahi said in the statement.
“We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts,” he said.
Uber did not say how hackers assured the company the stolen data was destroyed, but it did confirm that $100,000 was paid to the hackers.
According to the company, no location history, credit card numbers, Social Security numbers, or dates of birth were downloaded in the hack. Uber said it is providing free credit monitoring to drivers who had their license numbers exposed.
It’s the latest blow to Uber, which is trying to improve its public image. The company has been embroiled in a number of controversies, including using software called Greyball to evade regulators, a court battle over allegedly stolen secrets from Google’s self-driving car division, and a slew of complaints regarding sexual harassment and toxic company culture.
This week, the company was fined almost $9 million for background check issues in Colorado.
In his statement, Khosrowshahi said things will be different moving forward. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” he wrote.
- Content by Selena Larson, November 22, 2017
- Original article: http://money.cnn.com/2017/11/21/technology/uber-hacked-2016/index.html
Ready to protect your data? What You Can Do:
- Immediately, install a FREE 30-day Trial of EZProtect Antivirus and connect it to your Salesforce org(s) to start scanning files, document uploads, or chatter for viruses or malicious content. Once this is complete, you will have a sense of how many files your organization scans per month and you will be well poised to convert to a paid plan.
- You may also download the full brochure with FAQs and schedule a demo to better understand how the tool works inside and outside of Salesforce by visiting www.adaptus.com/portfolio/ezprotect/