Uber hid data breach that exposed info for 57 million users

Pat Wise
November 28, 2017

However, Khosrowshahi isn't about to defend his company's past behavior.

The large-scale global hack was confirmed by Uber CEO Dara Khosrowshahi in a blog post following a report by Bloomberg.

Several US senators are troubled with Uber's belated reporting of a 2016 data breach and demanding answers. It says there's no evidence the data was misused.

"I$3 n late 2016 we [Uber] became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use". That information included names, email addresses and mobile phone numbers, the company said.

"The company maintains that its outside forensic experts have not seen any indication that customer trip location history, credit card numbers, bank account numbers, Social Security numbers, or dates of birth were downloaded". It's not been disclosed whether the culprits were employed by the cloud provider that was apparently hacked.

Both letters include a list of questions, including whether the company sought to deliberately cover up the breach, if so why, and who authorized the $100,000 payment to the hackers. Regulators from around the globe including the U.S., EU, Mexico, Canada, Australia, and the Philippines are investigating the theft.

US Indicts 3 Chinese Nationals on Hacking Charges
Boyusec has been watched as a suspicious actor by Western security firms for several years. Song, of the Western District of Pennsylvania, in a statement.

Mom Who Killed Girl So They'd Both Be in Heaven Found Dead
But in the suicide note to her attorneys, Liltz wrote that she was exhausted of fighting and knew she wouldn't survive in prison. Liltz had tried to take her own life after she fed an overdose to her daughter through Courtney's feeding tube.

Grizzlies fire head coach David Fizdale
I'm sure (the coaching staff) knew that would hurt me the most. Memphis general manager Chris Wallace and team owner Robert J. "Feels like my man was a fall guy", James wrote.

The company is also under investigation by the Fair Work Ombudsman over the classification and treatment of its drivers.

So far, three putative class action lawsuits have been filed in California and OR alleging that Uber failed to protect consumer data. In some states, public notification is required within 30 days of when the company learns of the breach and may even require the company to notify the media when a considerable number of consumers are impacted.

Uber reached a consent decree with the Federal Trade Commission last August over privacy and data security practices, which the senators are concerned it may have breached, at least in spirit.

Beyond that, it is unknown how much additional personal information was also accessed. While the company was negotiating the bribe with the hackers, it was also in discussions with USA regulators over a separate privacy violation, and the company was also fined $20,000 a year ago for failing to disclose a smaller data breach that took place in 2014.

The incident, which occurred more than a year ago and was kept under wraps, has raised concerns about what a responsible disclosure should look like in the wake of a major security breach. It's unclear whether this news will trigger a renegotiation of the deal terms.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER