23 November, 2017
The new management of San Francisco-based Uber said on Tuesday that it had only learned recently that personal information from about 57 million Uber accounts had been stolen in 2016.
"The truly scary thing here is that Uber paid a bribe, essentially a ransom to make this breach go away, and they acted as if they were above the law", Curry said.
Forensic analysis confirmed that the names and driver's license numbers of around 600,000 US drivers, as well as personal information about 57m users - including names, email addresses and mobile phone numbers - had been compromised.
"None of this should have happened, and I will not make excuses for it", Dara Khosrowshahi, who took over as chief executive officer in September, said in an emailed statement. He was not at the helm when it happened.
The hackers subsequently contacted Uber and demanded a $100,000 extortion fee to erase the data from their servers, a demand which the company agreed to, according to the report.
The company said it paid the hackers $132,000 to delete the stolen data. As noted in a report from Bloomberg, the breach originally occurred in October of 2016, with Uber working to hide it for a year...
The common element of these breaches - use of a third-party cloud service - highlights the importance for companies to tightly control their use of such services, and to protect the data stored on them.
"At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals". Within hours of the disclosure, a customer filed a lawsuit seeking class-action status, and New York Attorney General Eric Schneiderman launched an investigation. The hack didn't penetrate Uber's corporate systems or infrastructure, he said. "The more information a company shares in a timely manner, the better able we are to support them and prevent others falling victim", an NCSC spokesperson said.
Uber is notifying drivers whose licence numbers were swiped, and offering them credit and identity theft protections. "What I learned, particularly around our failure to notify affected individuals or regulators last year, has prompted me to take several actions", Khosrowshahi stated in a blog post.
The National Cyber Security Centre (NCSC) is investigating if this breach has affected Uber customers in the UK.