Uber concealed data breach affecting 57 million people

PUBLISHED Tue, November 21, 2017 - 5:50pm EST

Ride-hailing company Uber concealed a data breach that affected the personal information of 57 million customers and drivers, the company admitted on Tuesday. Its chief security officer and one of his deputies have been fired. (more)

Dara Khosrowshahi, who took over as chief executive in August, said he recently became aware of the data breach, which occurred in October 2016 when the company was negotiating with U.S. regulators over an investigation into claims of privacy violations. Uber failed to report the breach.

"I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use," Khosrowshahi said in a statement. "The incident did not breach our corporate systems or infrastructure."

Khosrowshahi said those responsible were able to download some personal information - including names, email addresses and mobile phone numbers - of 57 million Uber users around the world. They also downloaded the names and driver's license numbers of around 600,000 drivers in the U.S.

After the breach was detected, the company identified those responsible and paid them $100,000 to delete the information and to keep the breach quiet, according to Bloomberg, which first reported the news. Uber said it believes the stolen data was never used.

Joe Sullivan, the company's chief of security who led the response to last year's data breach, was asked to resign after Khosrowshahi became aware of what happened, according to Bloomberg. Craig Clark, a senior lawyer who reported to Sullivan, has been fired.

It was not immediately disclosed who was responsible for the data breach or how it was carried out. There was also no immediate word on whether U.S. regulators will launch an investigation into what happened and the company's failure to report the incident.

"None of this should have happened, and I will not make excuses for it," Khosrowshahi said. "While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers."

The company said it will notify drivers affected by the breach and provide them with free credit monitoring and identity theft protection. It was not immediately clear whether it will also notify affected customers, but Uber said it will flag affected accounts for "additional fraud protection."

  United States     





Happening Now

Powerful 7.2-magnitude earthquake hits southern Mexico

‘Active shooter’ scare at Highline College in Des Moines, Washington

New York twin brothers arrested in bomb-making scheme

Massachusetts: Graciela Paulino charged with fatal shooting in Lowell

Former presidential candidate Mitt Romney announces Utah Senate bid


Listen to "BNO News - Breaking News Radio" on Spreaker.


Just want the important news? Sign up now for the fastest email alerts from BNO News. Click here to get started!


Powerful 7.2-magnitude earthquake hits southern Mexico

‘Active shooter’ scare at Highline College in Des Moines, Washington

Massachusetts: Graciela Paulino charged with fatal shooting in Lowell

Lockdown at North Broward Preparatory School in Coconut Creek, Florida

WATCH LIVE: Local TV coverage of Florida high school shooting


Trump blocks release of Democratic memo on Russia probe

Strong earthquake hits northeast Taiwan, killing at least 2

British court upholds arrest warrant against Julian Assange

‘Glee’ star Mark Salling found dead in apparent suicide

Canadian billionaire and wife were murdered, police say