Published: Wed, November 22, 2017
Hi-Tech | By Ellis Neal

Uber hid a cyberattack that exposed 57 million users' data

Uber hid a cyberattack that exposed 57 million users' data

Personal information about 57 million Uber customers and drivers was stolen by hackers last October, a breach the company kept hidden for a year and for which its chief security officer was sacked this week.

Trip records, location data, and social security numbers were not stolen in the breach, the company said. The ride-hailing company said information on driver and rider names, emails and telephone numbers had been compromised in a data breach.

To cover up the data breach, Uber had paid the hackers $100,000 to delete the data and stay quiet, according to Bloomberg.

In response, Uber fired Chief Security Officer Joe Sullivan this week, Bloomberg reported. "We are changing the way we do business".

"At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals", he said.

As some have noted, the details of how the company got hacked don't inspire much confidence in the company's cybersecurity practices. Uber has brought on a former lawyer for the National Security Agency, who also served as a director for the National Counterterrorism Center, to help it buff up security.

The issue came to light in recent months after an investigation by Uber's board into the company's past, in which board members looked at several internal practices.

Kalanick declined to comment when reached by Bloomberg, which goes into how the hack worked at length.

The company is already facing a number of federal probes into its privacy practices as it transitions from its former Chief Legal Officer Salle Yoo, who was not notified about this incident, to Tony West who will start this week.

Uber says it plans to release a statement to customers saying it has seen "no evidence of fraud or misuse" associated with the hack. It also will be providing the more than 600,000 drivers with free credit monitoring and identity theft protection.

Like this: