Uber has officially disclosed a massive data breach that affected some 57 million users.The breach originally occurred in October of 2016, with Uber working to conceal it for a year. Of the 57 million affected users, 50 million were riders and the other 7 million drivers. The leaked information included names, email addresses, and phone numbers. Additionally, the license numbers of 600,000 drivers were exposed during the breach. Uber says no Social Security numbers or location data was involved.
Travis Kalanick, Uber co-founder and former CEO, was made aware of the breach in November 2016. Around that same time, the company was in the midst of settling issues with both the New York attorney general and the FTC over the handling of the customer data. Thus, instead of properly disclosing the breach, which it was under legal obligation to do, Uber paid the hackers $100,000 to delete the data and stay quiet. Uber has faced a stream of top-level executive departures over issues from sexual harassment to data privacy to driver working conditions, which forced its board to remove Kalanick as CEO in June.
It would be recalled that London’s transport regulator stripped Uber of its license to operate citing the company’s failure to deal with public safety and security issues, although Uber is appealing against the decision and the new CEO has held talks with Transport for London to resolve the stand-off.
However,Uber’s new CEO, Dara Khosrowshahi, responded to the news of the hack and said “none of this should have happened” and reiterated Uber’s efforts to change how it does business.It was reveal that two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information.
“None of this should have happened, and I will not make excuses for it. We are changing the way we do business. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Khosrowshahi said in the emailed statement.
This has further raised concerns around the operations of Uber and raises huge concerns around its data protection policies and ethics.
Regulator are determine to press charges against Uber “We are pressing them for the full details of what has happened so that we can be satisfied that all the right protections are in place for the personal data of drivers and customers in London,” a Transport for London spokesman said.
Reported by Fikayo Owoeye