Uber is acknowledging that members of its cyber security team hid a data breach that impacted 57 million customers and drivers.
The ride-share company has said that hackers were able to steal the names and driving licences of some 600,000 US drivers in a data breach that occurred last October, according to Bloomberg.
However, credit card numbers, bank account numbers, dates of birth and social security numbers were not breached in the attack, Uber has claimed.
Uber acknowledged in a statement on Tuesday (November 21) that members of its security team opted to pay hackers $100,000 to delete the stolen data last year, in order to keep the situation secret.
"At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals," the company said. "We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures."
Newly-installed CEO Dara Khosrowshahi has acknowledged that he initiated a thorough review when he learned of the attack months after it had taken place.
"None of this should have happened, and I will not make excuses for it," he said. "We are changing the way we do business."
Khosrowshahi further explained: "You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it."
In response to the cover-up, Uber has fired its former cyber security chief Joe Sullivan and one of his deputies for their part in allegedly concealing the hack.
You Might Also Like