Global transportation company Uber revealed that it was the victim of a data breach in October 2016 that affected 57 million driver and rider accounts compromising information on driver and rider names, emails, and telephone numbers, the company told Bloomberg on Tuesday.
The personal information of about 7 million drivers was accessed including about 600,000 U.S. driver’s license numbers. However, no Social Security numbers, credit card information, trip location details or other data were taken,
The incident led to the sack of the company’s chief security officer, Joe Sullivan, for keeping the breach a secret for more than a year. After the incident, two hackers approached Uber demanding payment for the stolen data and proof of the deletion of the data. Uber did not make the breach public and instead paid the hackers $100,000 to ensure the stolen data was expunged.
Dara Khosrowshahi, who took over as chief executive officer in September said in an emailed statement:
None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers
The issue came to light recently after months of investigation by Uber’s board into the company’s past, in which board members looked at its internal practices. Dara Khosrowshahi said he only recently learned of the incident and decided to take action.