On Tuesday, November 21, 2017, Uber CEO Dara Khosrowshahi acknowledged the occurrence of a major data breach which took place in 2016 which may have affected up to 57 million accounts of both drivers and riders worldwide.
According to the Uber website, it is believed that two individuals were responsible for the hack and that data regarding the names and licences of several drivers worldwide as well as personal information of several millions of riders had been inappropriately accessed. Forensic experts from Uber, however, do not feel that information regarding trip location history, credit card numbers, bank account numbers, Social Security numbers, or dates of birth were accessed. Further, the statement by the CEO also mentions that the individuals responsible for the attack were identified and the stolen data destroyed.
This data breach comes on the heels of two further data breaches reported earlier this year by Equifax and Yahoo, both of which faced the Senate Commerce Committee earlier this year in response to the data breaches which affected several millions of users. In the hearing, Senator Bill Nelson had mentioned that “only stiffer enforcement and stringent penalties will help incentivize companies to properly safeguard consumer data.”.
In regards to action taken by Uber in response to the data breach, the website has listed several avenues addressed by the company in light of the above including but not limited to notifying regulatory authorities, providing free credit monitoring and identity theft protection to drivers and monitoring accounts for possibilities of fraud or misuse based on the incident.
However, if recent allegations are true, Uber may have a larger scandal on their hands. Various sources allege that over $100,000 was paid by the company to the two individuals behind the attack in exchange for their silence and a promise to destroy the stolen information. Reports say that at the time, the company had just learned about the incident and were in the middle of a settlement with the Federal Trade Commission in regards to privacy violations.
This is a developing story.