In what comes across as an attempt at concealing a major data breach, CEO Dara Khosrowshahi revealed on Tuesday night that Uber executives had concealed a major cyber attack that compromised the information of 57 million user accounts.
The hack which has been brought to the fore only now, occurred in October 2016, with the hackers having gained names, phone numbers and email addresses of about 50 million users across the world. According to Khosrowshahi, the hackers also downloaded names and drivers license numbers of about 6,00,000 US-based drivers.
"None of this should have happened and I will not make excuses for it," said Khosrowshahi in a blog post. According to the Uber CEO's statement, two individuals downloaded data from a web-based server at another company that provided Uber with cloud-computing services.
Khosrowshahi further stated, “At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals. We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed”. The CEO who took over reigns in August mentioned that he had only recently learned of the incident.
Reassuring riders in the light of the incident, the statement said that riders did not need to take any necessary action and that no evidence of fraud or misuse tied to the incident has been found. As for drivers, the company said it would be notifying those affected by mail or email offering them additional security in the form of free credit monitoring and identity theft protection.
According to a report by Bloomberg News, the ride-hailing company fired chief security officer Joe Sullivan and a deputy earlier this week because of their role in the concealment of the incident. The company had apparently paid hackers $100,000 to delete the stolen data.
While an investigation into the data breach has been taken up by the New York Attorney General's office, the event also adds to the list of scandals inherited from former Uber CEO, Travis Kalanick. Kalanick who has yet to comment on the hack, learned about the incident in November 2016, a month after the breach took place.
The report adds that the breach, although large, is still smaller than those reported at Yahoo, MSpace, Target Corp. and Equifax.