It turns out ousted Uber CEO Travis Kalanick left behind yet another hidden scandal: the company paid a $100,000 payout to hackers after a data breach that left the data of 57 million customers and drivers exposed.
The San Francisco-based startup confirmed a Bloomberg story on Tuesday that hackers stole the personal data of millions of users, including the names and driver’s license numbers of 600,000 of its drivers, in October 2016. Uber paid the hackers in an effort to conceal the breach and said it subsequently identified the individuals involved and “obtained assurances” that the downloaded data had been destroyed.
Uber’s chief security officer, Joe Sullivan, and a lawyer who reported to him, Craig Clark, have been ousted for their roles in the breach and the cover-up.
“None of this should have happened, and I will not make excuses for it,” Uber CEO Dara Khosrowshahi said in a post discussing the incident.
Tuesday’s data breach revelations are yet another setback for Uber, a private company that is valued at about $70 billion. Kalanick, the company’s co-founder, was ousted as CEO in June after a string of scandals and controversies, including allegations of sexual harassment and technology theft. Kalanick was CEO when the 2016 breach and payout occurred.
“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Khosrowshahi, who took over as chief executive at Uber in August, said in the breach post.
He said Uber has hired Matt Olsen, a former general counsel at the National Security Agency and director of the National Counterterrorism Center, “to help me think through how best to guide and structure our security teams and processes going forward.
Uber is in trouble with the law, again
New York Attorney General Eric Schneiderman on Tuesday launched an investigation into the incident. This isn’t his first run-in with the ride-hailing company — just last year his office reached a settlement with Uber over its collection and use of riders’ personal information and its delayed
In August of this year Uber reached a settlement with the Federal Trade Commission over allegations it made deceptive privacy and data security claims.
Uber has also come under fire over allegations of sexual harassment and a misogyny, culminating in a report from former Attorney General Eric Holder on its workplace culture. It has been subject to federal scrutiny for its use of Greyball, a software designed to mislead local regulators in order to prevent them from enforcing taxi regulations.
Uber has seen an exodus of top executives and talent in recent months and has faced numerous battles with local taxi regulators since its inception.
Should we all just assume our data is lost?
As much as this is a story about Uber’s ongoing problems, Uber is hardly the first company to lose customer data to hackers or to try to keep such an incident under wraps.
Credit reporting firm Equifax in September revealed that 143 million of its US-based users had their personal information compromised from mid-May through July 2017, including Social Security numbers, birthdates, addresses, and other data. Equifax