Uber said on Tuesday that it had paid $100,000 to hackers in order to cover up a last year’s massive data breach which exposed millions of users’ personal information. CEO Dara Khosrowshahi informed that two employees responsible for Uber’s response to the attack were fired after the payment to cover up the incident was discovered. Uber’s chief security officer Joe Sullivan and a deputy, Craig Clarkwere laid off because of how they handled the hack.
“None of this should have happened, and I will not make excuses for it,” he said.
According to Khosrowshahi, the breach occurred in October 2016, but he learned of it not long ago. He said names, email addresses and phone numbers of about 50 million users from all around the world were stolen, as well as names and license numbers of about 7 million U.S. drivers. Uber was previously the subject of controversy due to allegations of sexual harassment, several federal criminal investigations and a lawsuit regarding trade secrets theft.
The company assured users they needn’t worry as there was no evidence of fraud, whereas drivers will get free identity theft protection. The information was stolen from GitHub, a software development platform, but a spokeswoman for GitHub said the hack was not due to a failure in the platform’s security.
The CEO of Uber further said he committed “on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
The New York attorney general has already opened an investigation into the incident, while regulators in both Australia and the Philippines will also look into it. Founder of Uber and former CEO of the company, Travis Kalanick, found out about the breach last November, after which an investigation was opened by a board committee. It found that neither Kalanick nor Uber’s general counsel Salee Yoo had any part in the cover-up.
At the time, Uber was negotiating with the U.S. Federal Trade Commission, investigating other claims of privacy violations, over the handling of consumer data. The company was legally obliged to report the beach, but it failed to do so, and paid hackers to recover the data and keep the breach secret, Bloomberg reported on Tuesday evening.
Be the first to comment