Uber apparently suffered a big cyberattack in October of 2016 where confidential information was exposed of over 57 million drivers and customers, according to a report published by Bloomberg. At the time, former CEO Travis Kalanick was informed of the cyberattack one month after it had occurred, but he decided to not announce the hack publicly. In fact, Chief Security Officer Joe Sullivan and his subordinates, according to the report, helped conceal the attack. This led to Uber firing the executive and another individual this week.
The company was in touch with the hackers that stole the data. It paid the $100,000 ransom to delete the data and not publicize about the breach to any media outlets or regulators. “None of this should have happened, and I will not make excuses for it,” current CEO Dara Khosrowshahi told Bloomberg. “We are changing the way we do business.”
Uber has also declined to identify the attackers. Speaking in terms of what dat was exposed, it includes names, email addresses, and phone numbers of more than 50 million Uber riders worldwide, as well as more than 7 million Uber drivers had their data exposed in a similar manner. Around 600,000 drivers had their driver’s license numbers exposed as well.
Here’s what really interesting of the timing when the breach occurred. Bloomberg says that Uber, at the time of when the break occurred, was in talks with US regulators over separate privacy violations and had just settled with the Federal Trade Commission over mishandling of consumer data. This led to Chief Security Officer Joe Sullivan to cover up the incident. All of this started when Uber’s board of directors initiated an investigation of Sullivan’s team last month. This led to the disclosure of the hack and the concealment activity.