Uber hack affecting 57 million people quiet for more than a year!
Uber have had their share of worries of late, most of them their own making. The hackers, the company told Bloomberg News, found the data on an Amazon cloud server used by the firm. To keep the Uber hack a secret, the company paid the hackers a ransom of $100,000.
“None of this should have happened, and I will not make excuses for it,” Uber’s chief executive, Dara Khosrowshahi, said in a statement acknowledging the breach and cover-up. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”
Hackers stole personal data including names, email addresses and phone numbers, as well as the names and driver’s license numbers of about 600,000 drivers in the United States. The company said more sensitive information, such as location data, credit card numbers, bank account numbers, social security numbers, and birth dates, had not been compromised.
The Uber hack is one of the larger breaches to have been disclosed, albeit late, by a major firm, but should you be worried?
The company’s failure to disclose the breach was “amateur hour”, said Chris Hoofnagle of the Berkeley Center for Law and Technology. “The only way one can have direct liability under security breach notification statutes is to not give notice. Thus, it makes little sense to cover up a breach.”
Under California state law, for example, companies are required to notify state residents of any breach of unencrypted personal information, and must inform the attorney general if more than 500 residents are affected by a single breach.
“The hack and the cover-up is typical Uber only caring about themselves,” said Robert Judge, an Uber driver in Pittsburgh, who said he had yet to receive any communication from the company. “I found out through the media. Uber doesn’t get out in front of things, they hide them.”
As part of the cyberattack, the names and driver license numbers of around 600,000 drivers were accessed, according to Uber. 57 million Uber users also had their information exposed, including names, emails, and mobile phone numbers, the company said in a blog post. Uber said other personal information, including trip details or credit card information, was not accessed.
According to Bloomberg, Uber’s then-CEO Travis Kalanick first learned of the incident in November 2016, when Uber was finalizing a settlement with the Federal Trade Commission for privacy violations. The company instead chose to pay the hackers $100,000 to delete the information and stay quiet about the incident, the report said.
As a result, Uber’s new CEO Dara Khosrowshahi has reportedly asked for the resignation of Uber’s Chief Security Officer, Joe Sullivan, and a lawyer who reported to him.