Boston Herald

UBER ADMITS COVER-UP OF HACK ON 57M RIDERS’ ACCOUNTS

Company says 57M users were affected

- By MARIE SZANISZLO and OWEN BOSS DIGITAL

Uber is admitting to covering up a massive, year-old hacking attack that resulted in the theft of the names, email addresses and phone numbers of 57 million riders, a breach that one security analyst said underscores the need to update privacy laws in the U.S.

“Uber has a terrible disregard for the personal privacy of their customers and drivers,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, D.C. “They were actively collecting location data on their customers. They not only have lax security practices, they did their best to cover it up, so they should be heavily fined.”

Rotenberg said he was so concerned about Uber’s practices that in 2015 he proposed the Ride Share Privacy Act, which would have limited the company’s collection of personal data and forced it to delete passenger information after it was no longer needed.

Dara Khosrowshahi, CEO of the beleaguered San Francisco-based ride-hailing service, criticized the handling of the data theft in a blog post on the company’s website yesterday.

“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals. We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts,” Khosrowshahi wrote. “You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it.”

Part of the reason nothing malicious has happened is because Uber acknowledges paying the hackers $100,000 to destroy the stolen information.

In the wake of the hack, Khosrowshahi said the two staffers who led the response to the incident “are no longer with the company.”

“None of this should have happened, and I will not make excuses for it,” Khosrowshahi wrote. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”

Yesterday’s revelation marks the latest stain on Uber’s reputation.

The company ousted Travis Kalanick as CEO in June after an internal investigation concluded he had built a culture that allowed female workers to be sexually harassed and encouraged employees to push legal limits.

Herald wire services contributed to this report.

COMPROMISED: Uber has confirmed that hackers stole the personal information of 57 million riders and drivers last year. (Photo: YUI MOK / PA WIRE)