Uber faces fines for concealing data hack

Lucy Hill
November 23, 2017

The stolen information included names, email addresses and phone numbers of 57 million Uber users around the world, and the names and license numbers of 600,000 USA drivers, according to a blog post by Uber's new chief executive, Dara Khosrowshahi, who replaced co-founder Travis Kalanick as CEO in August.

Severance declined to say if other states were investigating the breach of the names, email addresses and mobile phone numbers of some 57 million Uber users around the world as well as the driver license numbers of some 600,000 of its USA drivers.

Bloomberg reported that Uber Chief Security Officer Joseph Sullivan and one of his deputies had been ousted in connection with the breach.

According to a statement Uber released on Tuesday, two individuals outside the company inappropriately accessed user data stored on a third-party cloud-based service in October 2016 and downloaded files.

According to Khosrowshahi, forensics experts have not seen any evidence that of trip location history, credit numbers, bank account numbers, Social Security numbers, or dates of birth being compromised. The personal information of about 7 million drivers was accessed as well, including some 600,000 US driver's license numbers.

Khosrowshahi, who took over after former CEO Travis Kalanick resigned in June, said an internal investigation is being conducted into why the hack was kept secret for more than a year. "We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts", said Khosrowshahi.

"While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes", Khosrowshahi said, adding, "We are changing the way we do business".

Uber Paid Hackers $100,000 To Delete Stolen Data Of 57 Million Users
Uber paid the hackers $100,000 to delete the compromised data stolen from its records and keep news of the breach quiet

"Uber has had a slew of controversies surrounding it for some time now and at a time when the company is relying on public opinion to help support continued operations in London through petitions etc, this incident is likely to do it no favors - as the results of our flash poll show", says Tony Pepper, co-founder and CEO of Egress.

Like this story? Share it!

Schneiderman and his counterpart in Connecticut, George Jepsen, on Wednesday told AFP that Uber is the target of probes in their states over the hidden hack.

It's also the latest major breach involving a prominent company that didn't notify the people that could be potentially harmed for months or even years after the break-in occurred.

Uber has admitted it covered up a data breach in 2016 that affected 57 million customers and drivers.

Boffetti said New Hampshire law requires companies to notify the state of data breaches and to disclose how many New Hampshire residents may have been affected. From there, the hackers discovered an archive of rider and driver information.

The company said it paid the hackers $132,000 to delete the stolen data. The two employees were removed this week.

Belk Black Friday 2017 Sale Launched Online With 400 Doorbusters
If there are not enough items in stock, Walmart will guarantee pick up of the item before Christmas at the Black Friday pricing. And don't forget the classic tactic of increasing original prices to then have a more favorable sale price to compare to.

Other reports by TheDailyFarc

Discuss This Article