Last October, personal data — including names, email addresses, phone numbers, and license numbers — from 50 million Uber riders and 7 million Uber drivers was breached. This is the first you’re hearing about it because rather than disclose the incident, Uber, according to a report from Bloomberg, covered it up. The company paid $100,000 to hackers in exchange for deleting the stolen information and keeping quiet. Joe Sullivan, Uber’s chief security officer, and one of his deputies, were fired this week for their involvement in the cover-up, Bloomberg also reports.
“None of this should have happened, and I will not make excuses for it,” Dara Khosrowshahi, Travis Kalanick’s replacement and Uber’s new CEO, told Bloomberg. “We are changing the way we do business.” Khosrowshahi also posted a lengthy piece on the company’s blog, detailing how he handled things once finding out about the cover-up, including bringing in a new security adviser and “notifying the drivers whose driver’s license numbers were downloaded” and “providing these drivers with free credit monitoring and identity theft protection.” “While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection,” Khosrowshahi wrote.
Had Uber chosen to disclose the hack back in October 2016, it would have happened weeks after an Uber hotline operator allegedly laughed and hung up on a New York man who called and said he’d been sexually assaulted by his driver that September. And just before December, when shit — a lawsuit from a former employee alleging age discrimination and whistle-blower retaliation and Kalanick joining Trump’s economic-advisory council — really started to hit the fan for the ride-hailing company. Time to update the timeline of Uber’s infamous screw-ups.