Washington: Uber hide a massive global breach of the personal information of 57 million customers and drivers in October 2016, failing to notify the individuals and regulators, the company acknowledged on Tuesday.
Uber also confirmed it had paid the hackers responsible $100,000 to delete the data and keep the breach quiet, which was first reported by Bloomberg. “None of this should have happened, and I will not make excuses for it,” Uber’s chief executive, Dara Khosrowshahi, said in a statement acknowledging the breach and cover-up. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”
Hackers stole personal data including names, email addresses and phone numbers, as well as the names and driver’s license numbers of about 600,000 drivers in the United States. The company said more sensitive information, such as location data, credit card numbers, bank account numbers, social security numbers, and birth dates, had not been compromised.
The details of the attack remained hidden until Tuesday. The ride-hailing company said it had discovered the breach as part of a board investigation into Uber’s business practices. Uber said in a statement to drivers that it would offer those affected free credit monitoring and identity theft protection.