Uber Paid Hackers $100,000 to Delete the Stolen Data and Keep Quiet About the Hack that Affected 57 Million Users

Elliot Brown/Flickr

Ubers became the target of a massive data breach. However, not like other hacks, the company took more than a year to its customers regarding the hack.

A blog post from Uber said that hackers were able to steal the personal data of around 57 million Uber users in a data breach. According to a report from Bloomberg, among those that were compromised were 7 million drivers, of which about 600,000 had their driver’s license numbers stolen. Uber states that the information did not include things such as credit cards or Social Security numbers.

Uber did not investigate regarding the said hack as the company was not aware of it. The Bloomberg report said that Travis Kalanick, the Uber CEO and co-founder, was only alerted in November 2016, a month after the hack occurred.

The Bloomberg report notes that instead of reporting the data breach to investigators, which the company was legally required to do, it contacted the hackers who were responsible for the said breach and paid them $100,000 to delete the data and remain quiet about everything. During the time of the hack, Uber was already in the process of negotiating with investigators regarding separate privacy violation claims — and it still did not report the data breach.

“None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” stated the new chief executive officer of the company, Dara Khosrowshahi, who assumed in September, in the blog post of Uber. “We are changing the way we do business.”

Despite hiding the hack for a year, it does appear as though Uber is telling the truth in saying that it is “changing the way it does business” as Bloomberg reports that the company dismissed its chief security officer, Joe Sullivan, and one of the deputies of Sullivan for their roles in covering up the hack, which is at least a first step in changing its ways. The Uber blog post noted that “two of the individuals that led the response to this incident are no longer with the company.”

The Uber hack is not the first massive data breach of 2017. Earlier in 2017, Equifax, a credit reporting agency, was breached, possibly putting the information of 143 million residents of the United States at risk. The said hack took place sometime between May and July. However, it was only disclosed in September.