UBER ADMITS COVER-UP OF HACK ON 57M RIDERS’ ACCOUNTS
Company says 57M users were affected
Uber is admitting to covering up a massive, year-old hacking attack that resulted in the theft of the names, email addresses and phone numbers of 57 million riders, a breach that one security analyst said underscores the need to update privacy laws in the U.S.
“Uber has a terrible disregard for the personal privacy of their customers and drivers,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, D.C. “They were actively collecting location data on their customers. They not only have lax security practices, they did their best to cover it up, so they should be heavily fined.”
Rotenberg said he was so concerned about Uber’s practices that in 2015 he proposed the Ride Share Privacy Act, which would have limited the company’s collection of personal data and forced it to delete passenger information after it was no longer needed.
Dara Khosrowshahi, CEO of the beleaguered San Francisco-based ride-hailing service, criticized the handling of the data theft in a blog post on the company’s website yesterday.
“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals. We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts,” Khosrowshahi wrote. “You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it.”
Part of the reason nothing malicious has happened is that Uber, as the company acknowledges, paid the hackers $100,000 to destroy the stolen information.
In the wake of the hack, Khosrowshahi said the two staffers who led the response to the incident “are no longer with the company.”
“None of this should have happened, and I will not make excuses for it,” Khosrowshahi wrote. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”
Yesterday’s revelation marks the latest stain on Uber’s reputation.
The company ousted Travis Kalanick as CEO in June after an internal investigation concluded he had built a culture that allowed female workers to be sexually harassed and encouraged employees to push legal limits.
Herald wire services contributed to this report.