Uber hid a cyber attack that had exposed the data of over 57 million users and drivers for over a year and never disclosed of it.
The hackers had stolen the data last year, which included names and driver’s license numbers of about 600,000 drivers in the U.S. It also stole the name of riders’ names as well as their e-mail addresses and phone numbers.
Uber paid the hackers $100,000 to delete the data and keep the cyber attack quiet.
Uber finally released a statement on the hack and had said that the hack was performed by two people on a third party cloud service.
Uber released a statement on the 2016 attack and published resources for riders and drivers. According to the statement, the hack was performed by two people on a third-party cloud service.
Uber also said that data such as location history, bank account numbers, credit card numbers, dates of birth, or social security numbers were not stolen.
The driver’s who had their information exposed will have free credit monitoring and identity theft protection.
CEO Dara Khosrowshahi commented, “None of this should have happened, and I will not make excuses for it.” Travis Kalanick, the company’s former CEO, was aware of the hack.
“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals. We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures,” Uber also said in a statement.
“You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it,” Khosrowshahi said.