Hackers stole the personal data of 57 million the consumers and motorists from Uber Engineering Inc ., a massive breach that the company disguised for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 pay to the attackers.
Compromised data from the October 2016 onslaught included identifies, mailing address and phone numbers of 50 million Uber equestrians around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million motorists was retrieved as well, including some 600,000 U.S. driver’s license numbers. No Social security systems amounts, charge card information, trip-up place details or other data were taken, Uber said.
At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy misdemeanours. Uber now says it had a legal obligation to report the hacker to regulators and to drivers whose license amounts were taken. Instead, the company paid hackers to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the the identity cards of the attackers.
” None of this should have happened, and I will not make excuses for it ,” Dara Khosrowshahi, who took over as chief operating officer in September, said in an emailed statement.” We are changing the space we do business .”
After Uber’s disclosure Tuesday, New York Attorney General Eric Schneiderman launched an investigation into the hack, his spokesperson Amy Spitalnick said. The company was also sued for negligence over the infringe by a customer seeking class-action status.
Hackers has been successful in infiltrated several companies in recent years. The Uber breach, while large-scale, is dwarfed by those at Yahoo, MySpace, Target Corp ., Anthem Inc . and Equifax Inc . What’s more alarming are the extreme assess Uber took to hide the attack. The breach is the latest scandal Khosrowshahi inherits from his predecessor, Travis Kalanick.
Kalanick, Uber’s co-founder and former CEO, learned of the hacker in November 2016, a few months after it has just taken place, the company said. Uber had just settled a lawsuit with the New York attorney general over data protection revealings and was in the process of negotiating with the Federal Trade Commission over the handled in buyer data. Kalanick declined to comment on the hack.
Joe Sullivan, the outgoing protection bos, spearheaded the response to the hacker last year, a spokesman told Bloomberg. Sullivan, a onetime “prosecutors ” who joined Uber in 2015 from Facebook Inc ., has been at the center of much of the decision-making that has come back to bite Uber this year. Bloomberg reported last month that the board commissioned an investigation into the activities of Sullivan’s security team. This project, conducted by an outside constitution firm, detected the hack and the failure to disclose, Uber said.