CEO Dara Khosrowshahi released a statement today indicating that Uber concealed a massive security breach in 2016. Among other things, this breach led to the names and license numbers of over 600,000 drivers being downloaded by the hackers.
The concealed data security breach involved a $100,000 ransom to have the stolen data deleted and the breach kept quiet, Bloomberg reported.
Was Your Data Compromised?
Affected drivers are being notified by mail or email, according to Uber’s Help Center.
Khosrowshahi said no Social Security numbers, trip location, credit card or bank account numbers, or dates of birth fell into the hands of two people who were able to breach the system. This security breach did not affect corporate systems.
The data security breach did, however, lead to the exposure of 57 million Uber users, including 600,000 drivers. Information includes mobile numbers, email addresses, and, for drivers, their names and driver’s license numbers. Uber is offering help for drivers affected by the breach here. Their offer includes free credit monitoring and identity theft protection.
Uber learned about the data security breach a year ago—November 2016—and while they said they took steps to provide extra security, they did not inform drivers. Khosrowshahi apologized for this choice in his statement.
Uber’s Steps Toward Data Security
Khosrowshahi outlined several steps the company has taken to ensure the security of both customer and driver data. Khosrowshahi said he wants drivers secure whether affected by the breach or not.
His first step was to begin working with Matt Olsen to develop a security plan. Olsen is a co-founder of a cybersecurity firm and a former general counsel for the National Security Agency. He also implemented a method of notifying all affected drivers and offering them the credit monitoring and identity protection services. They are also notifying authorities, and monitoring the accounts of the users affected for fraud attempts.
Khosrowshahi also said there has been no fraudulent activities to date.
“None of this should have happened, and I will not make excuses for it,” Khosrowshahi said in the statement. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
Hopefully this is also the end of Uber data security breaches. Maybe, it will also signal the start of more transparency on the part of the rideshare company.
