Uber is coming clean about its cover-up of a year-old hack that stole personal information from more than 57 million customers and drivers.
As of now, there's no evidence that the data taken has been misused, according to Ubers recently hired CEO, Dara Khosrowshahi. Uber acknowledges paying the hackers $100,000 to destroy the stolen information.
It's also the latest major breach involving a prominent company that didn't notify people that could be potentially harmed for months or even years after the hack occurred.
Khosrowshahi criticized Uber's handling of its data theft in his blog post. "While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes," Khorowshahi wrote. "We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers."
"That pledge shouldn't excuse Uber's previous regime for its egregious behavior", said Sam Curry, chief security officer for the computer security firm Cybereason.
"The truly scary thing here is that Uber paid a bribe, essentially a ransom to make this breach go away, and they acted as if they were above the law," Curry said. "Those people responsible for the integrity and confidentiality of the data in-fact covered it up."
Names, email addresses and mobile phone numbers of 57 million riders around the world were compromised. 600,000 U.S. Uber drivers license numbers were also taken.
Uber waited until Tuesday to begin notifying the drivers who licenses had been compromised. Because of this, Uber will now pay for for free credit-report monitoring and identity theft protection services for those drivers affected.
Uber's silence about its breach came while they were negotiating with the Federal Trade Commission about its handling of its riders' information.
Earlier in 2016, the company reached a settlement with the New York attorney general requiring it to take steps to be more vigilant about protecting the information the apps stores about riders. Uber also paid a $20,000 fine for waiting five months to notify everyone about another data breach that was discovered in September 2014.
Give us a call to learn more about keeping your personal information safe and how to handle data breaches involving personal information.
