Personal details for some 57 million Uber customers and 600,000 drivers were stolen by hackers over a year ago, the company revealed yesterday. Rather than reporting the incident as required by law, two higher-ups on Uber’s security team paid the attackers $100,000 to keep quiet about the breach.
Those two employees, including chief security officer Joe Sullivan, are no longer with the company as of this week, according to CEO Dara Khosrowshahi.
Uber boosted security measures after the breach came to light and has since brought on a cybersecurity consultant to advise on other steps to take going forward, Khosrowshahi said in a blog post yesterday. While Uber said there have been no signs to date that the stolen data has been used for fraudulent purposes, Khosrowshahi said the company is notifying affected drivers and providing them with free credit monitoring and identity theft protection.
Affected riders have also been flagged for additional fraud protection, although they don’t need to take any other action beyond regularly monitoring their credit and accounts, the company said.
Latest in a String of Damaging Developments
Long held up as an example of a wildly successful “disruptive” technology company, Uber has been hit by one PR disaster after another over the past year. Reports about widespread sexual harassment and discrimination at the company led founder/CEO Travis Kalanick to resign in June. The company has also faced state and federal investigations related to its use of “Greyball” software to evade regulators, and was told in September that London’s transport agency would not renew the company’s private hire operator license because it was “not fit and proper.”
This week’s revelations that the company covered the hack have added to the challenges Khosrowshahi now faces in trying to repair Uber’s reputation.
In a blog post yesterday, Khosrowshahi said he only…