Endangered data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders throughout the world, the business told News on Tuesday. The personal data of about 7 million drivers were obtained as well, including some 600,000 U.S. driver’s license plates. No Social Security numbers, credit card information, trip location details or other data comprised, Uber said.
At the time of the event, Uber was negotiating with U.S. controls investigating separate claims of privacy violations. Uber now says it had a statutory obligation to report the hack to regulators and to drivers whose license amounts were taken. Instead, the company paid hackers to remove the data and keep the breach quiet. Uber said it considers the information was never used but declined to disclose the information of the attackers.
“None of this should have fallen, and I will not make excuses for it,” Dara Khosrowshahi, who took over as chief executive officer in September, said in an emailed statement. “We are shifting the way we do business.”
After Uber’s confession Tuesday, New York Attorney General Eric Schneiderman launched an inquiry into the hack, his spokeswoman Amy Spitalnick said.
Hackers have fortunately infiltrated numerous companies in recent years. The Uber violation, while large, is dwarfed by those at Yahoo, MySpace, Target Corp., Anthem Inc.and Equifax Inc. What’s more disturbing are the extreme measures Uber took to hide the attack. The violation is the latest scandal Khosrowshahi inherits from his predecessor, Travis Kalanick.
Kalanick, Uber’s co-founder, and former CEO, heard of the hack in November 2016, a period after it took place, the company said. Uber had just resolved a lawsuit with the New York attorney general over data security revelations and was in the process of selling with the Federal Trade Commission over the handling of customer data. Kalanick declined to comment on the hack.
Take your time to comment on this article.
