It looks like Uber is about to be subjected to even more scrutiny, as it has emerged that the online taxi app suffered a huge data breach more than a year ago. During this, hackers made off with the details of 57 million drivers and customers. In an effort to cover it up, Uber ended up paying the attackers $100,000 to keep it quiet.
The initial breach took place in October 2016, after this all became public knowledge, Uber fired its Chief Security Officer and one of his deputies for their roles in avoiding disclosure and putting users at risk. Data stolen during the breach included names, email addresses and phone numbers of 50 million active Uber users. On top of that, the details of 7 million drivers were also stolen, including 600,000 US driver’s license numbers.
According to Bloomberg, Uber confirmed that no Social Security numbers were taken. Banking details and trip location details were also left untouched. At the time that this incident took place, Uber was negotiating with US regulators over claims of privacy violations. The company now recognizes that it had a legal obligation to disclose the hack, rather than paying off the attackers in hopes that the information would be deleted.
According to the report, a class-action lawsuit is already underway, with Uber customers citing negligence in the way Uber handled the data breach.
KitGuru Says: Clearly, Uber went about this situation in all the wrong ways. Not only should drivers and customers have been informed so that they could take steps to protect themselves, but the attackers also should not have been paid. Do many of you use Uber at all?