Uber apprently failed to disclose a massive breach last year that exposed the data of some 57 million users of the ride-sharing service, the company's new chief executive officer said on Tuesday.
Discovery of the company's handling of the incident led to the departure of two employees who led Uber's response to the incident, said Dara Khosrowshahi, who was named CEO in August following the departure of founder Travis Kalanick.
Khosrowshahi said he had only recently learned of the matter himself.
The company's admission that it failed to disclose the breach comes as Uber is seeking to recover from a series of crises that culminated in the Kalanick's ouster in June.
According to the company’s account, two individuals downloaded data from a third-party cloud server used by Uber, which contained names, email addresses and mobile phone numbers of some 57 million Uber users around the world. They also downloaded names and driver’s license numbers of some 6,00,000 of the company’s US drivers.Dara Khosrowshahi, CEO, Uber
He said he had hired Matt Olsen, former general counsel of the US National Security Agency, to help him figure out how to best guide and structure the company's security teams and processes.
Also Read: Embattled Uber Picks Expedia’s Dara Khosrowshahi as New CEO
None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.Dara Khosrowshahi, CEO, Uber
Not only did Uber keep the breach information to itself, the cab-aggregator is also reported to have paid $1,00,000 to the hackers last year to keep their mouth shut about it.
The breach is said to have exposed the personal information of about 57 million accounts of the ride-service provider.
Discovery of the US company's cover-up of the incident resulted in the firing of two employees responsible for its response to the hack, said Dara Khosrowshahi, who replaced co-founder Travis Kalanick as CEO in August.
However, Uber has clarified that passengers need not worry as there was no evidence of fraud, while drivers whose license numbers had been stolen would be offered free identity theft protection and credit monitoring.
Two hackers gained access to proprietary information stored on GitHub, a service that allows engineers to collaborate on software code. There, the two people stole Uber's credentials for a separate cloud-services provider where they were able to download driver and rider data, the company said.
Uber has a history of failing to protect driver and passenger data.
Dara already has a lot on his plate ever since he’s joined Uber as its CEO, and this latest development only adds to his growing list of to-dos at the firm. Considering Uber sees India as one of its markets, it remains to be seen if the after-effects of this breach can hurt their business in the country.
(Breathe In, Breathe Out: Are you finding it tough to breathe polluted air? Join hands with FIT to find #PollutionKaSolution. Send in your suggestions to fit@thequint.com or WhatsApp @ +919999008335)
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)