Uber continues to lower the bar for companies everywhere.
At the end of 2016 hackers stole the personal information of 57 million Uber users and drivers around the world, including names, email addresses and mobile phone numbers. 600,000 drivers’ names and license numbers were also taken in the the hack.
The company kept quiet about the breach for over a year, failing to notify regulators or individuals when it became aware of the breach. Instead it dealt directly with the hackers to cover up the breach.
“I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use,” Khosrowshahi wrote.
According to Uber, trip location history, credit card numbers, bank account numbers, social security numbers or dates of birth were not downloaded.
Bloomberg reports Joe Sullivan, Uber’s chief security officer, and one of his deputies who led the response to this incident are no longer with the company.
According to Bloomberg, Uber paid hackers $100,000 to delete the data and keep the breach quiet.
“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorised access by the individuals,” Khosrowshahi wrote.
“We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”
Khosrowshahi was appointed in August following a tumultuous year for the ride hailing company including a swathe of cultural problems that lead to the ousting of CEO Travis Kalanick. He’s admitted that Uber needs to clean up its act.
“None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”