Ride-service company, Uber, has disclosed on Tuesday that it paid hackers one hundred thousand dollars to keep secret a massive breach last year. The breach reportedly exposed the personal information of about 57 million accounts of the company.
Two hackers were paid $100 thousand to destroy the data they’ve stolen from Uber and to stay quiet. The data was stolen in October 2016 and contained names and driver’s license numbers for seven million drivers across the world (more than half a million in the US) as well as names, email addresses and cell phone numbers of millions of customers.
Uber stated other valuable information such as social security numbers and dates of birth were not compromised. There was also no proof the stolen data was used for illegal purposes, according to the company.
Dara Khosrowshahi, CEO of Uber, said the people responsible for the cover-up have been fired. The company’s chief security officer, Joe Sullivan, and a deputy, Craig Clark, were let go this week for their hand in the incident.
“None of this should have happened, and I will not make excuses for it,” he wrote on the company’s blog.
Sullivan was a former security official at Facebook Inc. and a federal prosecutor. He then served as both security chief and deputy general counsel for Uber.
The company discovered the breach after commissioning a probe by an outside law firm. Co-founder and former CEO of Uber, Travis Kalanick, was at the company’s helm when the breach occurred. He reportedly learned of the hack a month after it happened, just when the company was fighting with regulators over its data security. Kalanick was replaced by Khosrowshahi as CEO of Uber in August last year. Kalanick, however, remains on the company’s board of directors.
Both Kalanick and Sullivan declined to comment when reached for a response.
Image Source: WikipediaCommons