The breach occurred in October 2016, but Dara Khosrowshahi, who is replacing co-founder Travis Kalanick as CEO, said he had only recently learned of it. Discovery of the US company’s cover-up of the incident resulted in the firing of two employees responsible for its response to the hack, according to Reuters.
The stolen information included names, email addresses and mobile phone numbers of Uber users around the world, and the names and license numbers of 600,000 US drivers. Uber passengers need not worry as there was no evidence of fraud, while drivers whose license numbers had been stolen would be offered free identity theft protection and credit monitoring, Uber said.
The company had begun notifying regulators and the New York attorney general has opened an investigation. The company’s chief security officer was fired and the new CEO has hired Matt Olsen, former general counsel of the US National Security Agency, to restructure the company’s security teams and processes. Uber also hired Mandiant, a cybersecurity company owned by FireEye, to investigate the breach.
Uber has a history of failing to protect driver and passenger data, according to Reuters. Hackers previously stole information about Uber drivers and the company acknowledged in 2014 that its employees had used a software tool called “God View” to track passengers.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now