Uber showed Tuesday that it paid hackers $100,000 to stay quiet after an October 2016 assault ended in the disclosure of 57 million shoppers’ private information, Bloomberg first reported.
The breach incorporated the names, e-mail addresses and cell phone numbers associated with accounts of folks world wide, the company said. About 600,000 Uber drivers additionally had their names and driving force’s license numbers stolen. Extra delicate data, together with travel location historical past, bank card numbers, checking account numbers, Social Safety numbers and dates of start, was once no longer accessed.
Extra troubling than the hack itself: As an alternative of revealing the breach to the affected shoppers and right kind govt government, Uber determined to pay the unnamed hackers to stay quiet.
That was once most likely the verdict of leader safety officer Joe Sullivan, a former federal prosecutor Uber employed from Fb. Sullivan and an extra workforce member had been fired this week.
Maximum states have rules requiring that businesses notify consumers who are affected by a data breach. Even supposing no longer all require shoppers to be notified in a particular time frame, many mandate that it occur once imaginable. As an example, in California, the place Uber is based totally, the disclosure should occur in “essentially the most expedient time imaginable and with out unreasonable prolong.”
There’s recently no proof that the leaked information has been used for nefarious functions, Uber advised shoppers Tuesday.
“We don’t consider anyone rider must take any motion,” the corporate mentioned in a remark. “We’ve got observed no proof of fraud or misuse tied to the incident. We’re tracking the affected accounts and feature flagged them for extra fraud coverage.”
Uber CEO Dara Khosrowshahi, who joined the corporate in September, addressed the breach in a weblog Tuesday.
“None of this must have came about, and I will be able to no longer make excuses for it,” Khosrowshahi wrote. “Whilst I will’t erase the previous, I will devote on behalf of each Uber worker that we can be informed from our errors. We’re converting the best way we do trade, hanging integrity on the core of each determination we make and dealing arduous to earn the agree with of our shoppers.”
“We should be fair and clear as we paintings to fix our previous errors,” he mentioned.
Khosrowshahi mentioned the corporate is offering affected drivers with loose credit score tracking and identification robbery coverage.