Share

Uber reveals year old security breach, but it gets worse

Uber has revealed a security breach from a year ago which exposed records of over 57 million drivers and Uber customers.

The breach took place in late 2016, according to company sources, and the data which was compromised included information on both Uber drivers as well as Uber customers.  In the case of Uber customers, the compromised data may have included full names, email addresses and cell phone numbers.  Uber driver data, however, also included full driver's license numbers and, therefore, was potentially more damaging.  The revelation makes the already tense relationship between the company and its drivers more difficult.

But it gets worse.  Uber deliberately kept the security breach secret for almost a full year, apparently to protect the company during a particularly difficult period when it was dealing with accusations of a sexually hostile business environment and sensitive business negotiations in the UK.

But is gets worse.  Uber has also now revealed that it paid the hackers who stole their driver and customer data approximately $100,000 to destroy the data they had stolen.  Uber did not explain how they were assured that the data was actually destroyed after the "ransom" payment was made.

New Uber CEO Dara Khosrowshahi - who was not at Uber when the events took place - announced the security breach and payments to the hackers.  Not surprisingly, it has also been announced that Uber's Chief Security Officer at the time of the breach, cover up and payment - John Sullivan - is no longer with the company.