Uber concealed data breach affecting 57 million people

PUBLISHED Tue, November 21, 2017 - 5:50pm EST

Ride-hailing company Uber concealed a data breach that affected the personal information of 57 million customers and drivers, the company admitted on Tuesday. Its chief security officer and one of his deputies have been fired. (more)

Dara Khosrowshahi, who took over as chief executive in August, said he recently became aware of the data breach, which occurred in October 2016 when the company was negotiating with U.S. regulators over an investigation into claims of privacy violations. Uber failed to report the breach.

"I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use," Khosrowshahi said in a statement. "The incident did not breach our corporate systems or infrastructure."

Khosrowshahi said those responsible were able to download some personal information - including names, email addresses and mobile phone numbers - of 57 million Uber users around the world. They also downloaded the names and driver's license numbers of around 600,000 drivers in the U.S.

After the breach was detected, the company identified those responsible and paid them $100,000 to delete the information and to keep the breach quiet, according to Bloomberg, which first reported the news. Uber said it believes the stolen data was never used.

Joe Sullivan, the company's chief of security who led the response to last year's data breach, was asked to resign after Khosrowshahi became aware of what happened, according to Bloomberg. Craig Clark, a senior lawyer who reported to Sullivan, has been fired.

It was not immediately disclosed who was responsible for the data breach or how it was carried out. There was also no immediate word on whether U.S. regulators will launch an investigation into what happened and the company's failure to report the incident.

"None of this should have happened, and I will not make excuses for it," Khosrowshahi said. "While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers."

The company said it will notify drivers affected by the breach and provide them with free credit monitoring and identity theft protection. It was not immediately clear whether it will also notify affected customers, but Uber said it will flag affected accounts for "additional fraud protection."

  United States     





Happening Now

U.S. FCC votes to repeal net neutrality rules

WATCH LIVE:  FCC expected to vote on repealing its net neutrality rules

Democrat Doug Jones wins U.S. Senate election in Alabama

Strong earthquake hits near Kerman in southeast Iran

Suspect in New York subway bombing acted on behalf of ISIS


Listen to "BNO News - Breaking News Radio" on Spreaker.


Just want the important news? Sign up now for the fastest email alerts from BNO News. Click here to get started!


U.S. FCC votes to repeal net neutrality rules

Democrat Doug Jones wins U.S. Senate election in Alabama

Strong earthquake hits near Kerman in southeast Iran

Small plane crash into home in San Diego, at least 2 injured

Massive fire erupts in Chicago’s Bridgeport neighborhood


Large explosion in China’s port city of Ningbo kills at least 2

Mount Agung erupts on Indonesia’s Bali island, some flights canceled

Woman in Italy rescued after being held captive for 10 years

False alarm causes mass panic on London’s Oxford Street

Militants attack mosque in Egypt’s Sinai, killing at least 235