Uber today acknowledged that there was a massive data breach last October which led to the data of 57 million customers and drivers making its way into the hands of hackers. The company kept this breach a secret and even paid the hackers $100,000 to keep the breach under wraps.
The data breach included the name and driver license numbers of around 600,000 Uber drivers in the United States. Additionally, personal information like email addresses and phone number of 57 million Uber users across the world was also leaked. The job was done by two hackers who managed to gain access to confidential information stored on GitHub. From there, they found the login credentials of one of Uber’s cloud providers from where they were able to download data related to the drivers and Uber users.
Uber’s new CEO Dara Khosrowshahi in a blog post details that the company is now taking the help of Matt Olsen, a cybersecurity consulting firm, to guide Uber’s security team and the process going forward. It is also providing affected drivers with free credit monitoring and identity theft protection while also notifying all regulatory authorities. The company has also fired two of the employees who led the response to the data breach.
“None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.” Uber’s CEO Dara Khosrowshahi said in a statement.
Uber says that it ensured the hackers deleted the leaked data and that there was no evidence of fraud. Since the breach, Uber has already fixed that loophole and has further bolstered its security to ensure something like this does not happen again in the future.