Uber has revealed that, in late 2016, two hackers stole email addresses and phone numbers from Uber rider accounts, and the license numbers from U.S. driver accounts. Uber claims no credit card information, location data, or social security numbers were compromised. Yet, instead of disclosing the attack when it happened, Uber paid the hackers $100,000 to delete the data and keep it quiet.
Uber's co-founder and former CEO, Travis Kalanick, learned of the attack a year ago.
The company claims it took steps to lock down its data and prevent any further unauthorized access.
Khosrowshahi has fired chief security officer Joe Sullivan and Craig Clark, a senior lawyer that reported to Sullivan.
Uber (opens in new tab) as also posted a statement to its company website which, along with an apology, reads:
You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it. What I learned, particularly around our failure to notify affected individuals or regulators last year, has prompted me to take several actions:
- I've asked Matt Olsen, a co-founder of a cybersecurity consulting firm and former general counsel of the National Security Agency and director of the National Counterterrorism Center, to help me think through how best to guide and structure our security teams and processes going forward. Effective today, two of the individuals who led the response to this incident are no longer with the company.
- We are individually notifying the drivers whose driver's license numbers were downloaded.
- We are providing these drivers with free credit monitoring and identity theft protection.
- We are notifying regulatory authorities.
- While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection.
This is a complete and utter cluster. The breach was bad enough. The cover-up, a potential show-stopper.
Uber was at the forefront of a logistical revolution. They completely transformed the way people arranged for, paid for, and engaged with transportation services. But under its original leadership, it also accumulated a startling number of scandals. And the number of times it violated customer trust and good faith is staggering. This is just the garbage cherry on top of the unacceptable sundae.
If the new leadership had a lot of rebuilding to do before, it has even more now. The question is, how many of us will give them yet another chance?
Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.
Blimey. Can this company sink any lower?
Uber gets a lot of negative rep, I can see why they wanted to try and cover it up, but transparency wins over trying to save your reputation by hiding mistakes. They certainly do suck as a company, but I can't help but still get taxis from them because it saves me money 🙃
I'm in a fortunate enough financial position that I can afford to spend a bit more and avoid this egregious company, so I won't judge you for that. However anyone who can afford to not use them and still puts business their way needs to realign their moral compass.
As I said before, glad I never signed up for the first time.
Get the best of iMore in in your inbox, every day!
Thank you for signing up to iMore. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.