It is reported that Uber paid hackers $100,000 to keep a data breach secret. The personal information of about 57 million accounts was reportedly compromised in a hack that took place in October 2016. The incident was first reported by Bloomberg on November 21, 2017. The company reportedly fired its chief security officer, Joe Sullivan, and a deputy, Craig Clark, this week for concealing the hacking incident.
Dara Khosrowshahi, who replaced co-founder Travis Kalanick as CEO in August, wrote in a blog post, “None of this should have happened, and I will not make excuses for it.” He also revealed that he had only recently learned of the breach.
Kalanick learned of the breach within a month, in November 2016, but he reportedly chose not to share the incident with fellow board members. He remains on Uber’s board, and Khosrowshahi said that he regularly consults the former CEO.
While announcing that the expose led to the sacking of two employees, Khosrowshahi said, “the stolen information included names, email addresses and mobile phone numbers of Uber users around the world, and the names and license numbers of 600,000 U.S. drivers.”
Khosrowshahi was quoted as saying, “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
Khosrowshahi said that, to investigate the breach, his company has hired Mandiant, a cybersecurity firm owned by FireEye, and has hired Matt Olsen, former general counsel of the U.S. National Security Agency, to restructure the company’s security teams and processes.
In a statement, Uber said, “Uber passengers need not worry as there was no evidence of fraud, while drivers whose license numbers had been stolen would be offered free identity theft protection and credit monitoring.”
The company alleged that two hackers gained unauthorized access to information on GitHub and stole Uber’s credentials for a separate cloud-services provider, where they were able to download driver and rider data.
Meanwhile, an Uber spokeswoman said the hack was not the result of a failure of GitHub’s security, adding that the New York attorney general has opened an investigation.
In 2014, Uber had acknowledged that its employees had used a software tool called “God View” to track passengers.