The ridesharing company Uber took steps to conceal the October 2016 cyberattack, which exposed 57 million people’s data, according to a new report from Bloomberg.
The move included a payment of $100,000 to two hackers who had captured the data in exchange for their word to keep quiet and delete the information, according to the report. The firm itself has also confirmed that they paid the hackers responsible to delete the data. .
The company acknowledged on Tuesday that two individuals in October 2016 had entered and downloaded data on 57 million Uber users and drivers that was maintained in a third-party infrastructure system. Uber says none of its own systems were breached.
“None of this should have happened, and I will not make excuses for it,” Dara Khosrowshahi, CEO of Uber who replaced Kalanick as Chief Executive in September, wrote in the company’s official statement. The company declined to identify the attackers as the current CEO also commented, “We are changing the way we do business.”
The hackers stole users’ personal data including full names, phone number information and email addresses, as well as the names of 600,000 driver’s license numbers in the United States. The company said more critical information has not been compromised, such as location data, credit card numbers, bank account numbers, social security numbers, and birth dates.
In his statement, Dara Khosrowshahi said the company had “obtained assurances that the downloaded data had been destroyed” and improved its security, but that the company’s “failure to notify affected individuals or regulators” had prompted him to take several steps, including the departure of two of the employees responsible for the company’s 2016 response.
This is a big return from what could potentially be a catastrophe for the company, so great save!