Uber has admitted that it suffered a data breach in October 2016, with names, email addresses and mobile phone numbers of both drivers and riders around the world compromised.
More than 57 million users and 600,000 drivers around the world were affected by the breach, which CEO Dara Khosrowshahi says the company knew about in 2016 but he has only learned about since taking over the role from Travis Kalanick in September this year.
In a statement, Khosrowshahi said: “We have to be honest and transparent as we work to repair our past mistakes.” Uber has hired an outside cyber security firm to investigate the incident and help the company decide the best course of action moving forward, according to Khosrowshahi’s statement.
The company’s chief security officer Joe Sullivan and a member of his team have left the firm under allegations that they took part in paying the hackers US$100,000 to delete the information they managed to steal, according to Bloomberg. New York attorney general Eric Schneiderman has launched an investigation into the incident.
Khosrowshahi says Uber took “immediate” steps to stop the breach from spreading and the company believes no acts of fraud have occurred as a result of the data being stolen. It believes no trip location histories, credit card numbers, bank account numbers, or dates of birth were compromised.
Khosrowshahi commented: “None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
Uber has come under fire for not disclosing data breaches in the past, having been fined US$20,000 in January for hiding a 2014 incident. Regulation states that companies are required to disclose any hacking events.
The news is another PR disaster for new boss Khosrowshahi, who has already had to deal with Uber losing its private hire licence in London, losing an appeal over drivers’ rights in the UK and falling behind on business travel bookings in the US compared to its rival, Lyft.