SAN FRANCISCO — Uber on Tuesday disclosed it was the victim of a data breach last October that affected 57 million driver and rider accounts and that it fired its chief security officer, Joe Sullivan, for keeping the breach a secret for more than a year.
The ride-hailing company said information on driver and rider names, emails and telephone numbers had been compromised by the attack. After the breach, two hackers approached Uber demanding payment for the stolen data and proof of the deletion of the data. Uber did not make the breach public and instead paid the hackers $100,000 to ensure the stolen data was expunged.
The issue came to light in recent months after an investigation by Uber’s board into the company’s past, in which board members looked at several internal practices. Dara Khosrowshahi, who was chosen to be the chief executive in late August, said he only recently learned of the incident and decided to take action.
“None of this should have happened, and I will not make excuses for it,” Mr. Khosrowshahi said in a company blog post. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
The revelation of the breach and the way it was kept quiet raises more questions about the tenure of Travis Kalanick, Uber’s co-founder who was chief executive at the time of the breach.
Continue reading the main story