November 22, 2017
Uber Paid Hackers $100K to Conceal Data Breach in 2016
Hackers stole personal data from 57 million Uber customers and drivers in 2016, over a year ago. The breached information includes names, email addresses, and phone numbers. They also accessed divers license numbers of 600,000 Uber drivers based in the U.S. Uber says location history, credit card information, bank account information, Social Security numbers, and birthdays were not breached.
Uber finally acknowledged the breach this Tuesday, after actively concealing it for over a year. Uber’s new CEO, Dara Khosrowshahi, has since fired the company’s chief security officer and another employee for their roles in concealing the hacks and paying $100,000 to the hackers to keep it quiet. The former employees had taken immediate steps to identify the hackers and paid them ransom to destroy the stolen data.
Khosrowshahi, who became CEO in August 2017, says he recently learned of the breach and chose to disclose it. Khosrowshahi has since hired Matt Olsen, a former NSA general counsel and director of the National Counterterrorism Center, to guide Uber’s cybersecurity going forward. The company is notifying drivers whose license numbers were stolen and providing them free credit monitoring and identity theft protection.
Uber is working with regulators to resolve the issue. New York’s Attorney General has already launched an investigation into the hack.