Uber endured a data breach that allowed hackers to steal the personal information of more than 57 million users, the ride share company’s chief executive acknowledged Tuesday.
Hackers accessed a third-party server used by Uber in late 2016 and gleaned the names, email addresses and mobile phone numbers of 57 million ride share users, as well as the names and driver’s license numbers of about 600,000 drivers in the United States, CEO Dara Khosrowshahi said in a blog post.
Uber took immediate steps to secure the information and its database, and the company “subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed,” wrote Mr. Khosrowshahi.
Indeed, the company quietly paid the hackers $100,000 in exchange for erasing the data, Bloomberg and The New York Times reported Tuesday.
The reported payout was arranged by Joe Sullivan, the company’s chief security officer at the time and his senior deputy, Uber’s legal director of security and law enforcement, Craig Clark, the outlets reported.
Mr. Khosrowshahi became Uber’s chief executive this past August, recently learned of the security breach and subsequently asked both of the individuals involved to resign, the reports said. Neither Mr. Sullivan nor Mr. Clark responded to requests for comment, the reports said.
“None of this should have happened, and I will not make excuses for it,” Mr. Khosrowshahi wrote in the blog post. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
Uber began notifying victims of the breach on Tuesday and said it will offer free credit-report monitoring and identity theft protection services for the impacted drivers.
New York Attorney General Eric Schneiderman has launched an investigation into the breach, his office said Tuesday.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.