Uber tried keeping the massive hack a secret by actually paying the hackers $100,000 in return for erasing all the data that they had got access to.
Uber suffered a massive data breach that left hackers having access to details of more than 57 million customers and drivers. While that is enough to bring shame to the company already having to deal with a rather tainted past, what is further adding to its woes is the manner how it tried to deal with the data theft.
According to details now coming to the fore, Uber had, in fact, tried to cover up the breach that happened more than a year ago – October 2016, to be precise – by actually paying the hackers a sum of $100,000 to delete all data they had stolen. Among the information, hackers had access to include the names, email addresses and phone number of Uber riders from across the world.
That is not all as personal details of 7 million of Uber’s drivers too were stolen. Among those, 600,000 are from the US whose driver’s license numbers got revealed to the hackers. Uber though said no information of sensitive nature has been stolen, such as the social security numbers or credit card info.
While the very fact that Uber’s security was compromised is enough of a blot to the company’s already not so bright records, that they chose to keep the matter hush-hush can also be seen as a big jolt to the company’s turnaround plans under a new leadership.
The immediate response from the company has been the ouster of Joe Sullivan, the then security chief along with another of his deputy. Uber also said they would provide all drivers whose licenses have been revealed with credit protection monitoring and identity theft protection free of cost.
Further, Uber said it is also restructuring its entire security framework to prevent such acts in future. That also includes having on board Matt Olsen, an ex-general counsel at the National Security Agency and director of the National Counterterrorism Center on an advisory role.
Dara Khosrowshahi who took over the reins of the company this September expressed regret at the incident which he said shouldn’t have happened at the first place. He also vowed to bring about sweeping changes to the way the company functions to prevent such acts in future.