A major cyber attack on taxi aggregator Uber in 2016 exposed sensitive data of 57 million Uber customers and drivers around the world, the company revealed Tuesday, adding that it hid the breach from public view.
The information breach included names, email addresses and phone numbers of 57 million Uber users, including 6,00,000 drivers in the US, Uber’s newly appointed CEO Dara Khosrowshahi said in a statement issued yesterday.
"Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded," the statement said.
"At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals. We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed," it added.
Discovery of the company's handling of the incident led to the departure of two employees who led Uber's response to the incident, said Khosrowshahi, who was named CEO in August following the departure of founder Travis Kalanick.
The CEO said he came to know of the incident only recently.
"None of this should have happened, and I will not make excuses for it," Khosrowshahi said in a blog post.
According to the company's account, two individuals downloaded data from a web-based server at another company that provided Uber with cloud-computing services.
Bloomberg News reported that Uber's chief security officer Joe Sullivan and a deputy had been ousted from the company this week because of their role in the handling of the incident.
The company paid hackers $100,000 to delete the stolen data, according to Bloomberg.
"I've asked Matt Olsen, a co-founder of a cybersecurity consulting firm and former general counsel of the National Security Agency and director of the National Counterterrorism Center, to help me think through how best to guide and structure our security teams and processes going forward," the statement added.