Research

Uber admits to covering up cyberattack that affected 57 million users

Uber admits to covering up cyberattack that affected 57 million users

This isn't his first run-in with the ride-hailing company - just past year his office reached a settlement with Uber over its collection and use of riders' personal information and its delayed disclosure of a 2014 data breach.

Fifty-seven million Uber users had their names, email addresses and phone numbers leaked to two people outside the company. Uber said it had informed regulators around the world of the breach on Tuesday, as well as individually contacting the United States drivers whose license numbers had been taken.

Uber did not say how hackers assured the company the stolen data was destroyed, but it did confirm that $100,000 was paid to the hackers.

Tech Crunch also added that Uber could face problems in their home state of California for the attempted data breach cover up.

"Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded", the page explains. Kalanick, the company's co-founder, was ousted as CEO in June after a string of scandals and controversies, including allegations of sexual harassment and technology theft.

It said the breach, from mid-May through July, could affect more than 145 million U.S. customers as well as Canadian and British clients.

Uber announced that ride users shouldn't worry as there is no evidence of fraud. Potential exposure under the NDB scheme is only likely to exacerbate the concerns, with significant penalties for Australian companies that fail to protect customers' PII or fail to quickly take appropriate steps after a breach.

State Attorneys General from NY and MA have opened investigations into the data breach. The company is also notifying regulators after failing to do so one year ago.




As we can see in this chart from Statista, Uber's incident was unfortunate, but relatively low impact compared to others that have occurred over the past few years.

"They've stopped it, they took care it, I'm still gonna drive", said Uber driver Bobby Bennett.

"Effective today, two of the individuals who led the response to this incident are no longer with the company", he said.

Khosrowshahi said in an emailed statement that Uber secured its systems and implemented new security measures after the attack.

Affected drivers will get free credit monitoring and identity theft protection.

"It doesn't appear that happened here", he said.

"Uber CEO Dara Khosrowshahi's statement that there is no excuse for what happened and Uber will be putting integrity and trust at the core of every business decision is a welcome message", he said.