Uber Paid Hackers $100000 to Hide a Major Data Breach

Have you been pwned?Jaap Arriens  SIPA USA  PA Images

Uber admitted Tuesday to covering up a massive cyberattack by paying hackers $100,000 so they wouldn't reveal that they had stolen sensitive information from 57 million customer and driver accounts.

At the time, the company was dealing with regulators investigating privacy breach claims with Uber, which could explain why former CEO Travis Kalanick kept the hack secret.

"None of this should have happened, and I will not make excuses for it", he added.

Forty-eight states have security breach notification laws which require companies to disclose when hackers access private information, including California, where Uber is headquartered.

Uber is reeling from a new controversy over revelations that the company tried to cover up a massive breach previous year in which hackers pilfered information from 57 million of its customers.

"While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes", Mr Khosrowshahi said.

"I use Uber all the time; it's a shame we can't trust these companies", said one rider.

"We are working closely with other agencies including the [National Crime Agency] NCA and [Information Commissioner's Office] ICO to investigate how this breach has affected people in the United Kingdom and advise on appropriate mitigation measures", the spokesperson said, but added that the NCSC has seen no evidence that financial details have been compromised.

The common element of these breaches - use of a third-party cloud service - highlights the importance for companies to tightly control their use of such services, and to protect the data stored on them. Uber says the response to the hack was handled by its chief security officer, Joe Sullivan, a former federal prosecutor whom Kalanick lured away from Facebook in 2015.

The company's reputation has already been dragged through the mud this year, and for many, the breach and cover-up was the icing on the cake. As of Wednesday, attorneys general in New York, Massachusetts and Missouri had announced investigations.

Uber has set up a website for users who have been affected.

Two employees responsible for the hack were fired by the company.

Regulators in Australia and the Philippines said they would look into the matter.

James Dipple-Johnstone, the deputy commissioner of the information watchdog, said: "Uber's announcement about a concealed data breach last October raises huge concerns around its data protection policies and ethics".

Grossman says the breach may not change consumer behavior, but it will be costly for the company. The company has been embroiled in a number of controversies, including using software called Greyball to evade regulators, a court battle over allegedly stolen secrets from Google's self-driving auto division, and a slew of complaints regarding sexual harassment and toxic company culture.

Related news:

Hot News