In an astounding disclosure, ride-haling cab Uber has said that the hackers stole names and driver’s licence numbers of around 600,000 drivers in the United States and personal information of 57 million Uber users around the world, including the drivers described above.
This information included names, email addresses and mobile phone numbers.
“In late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use. The incident did not breach our corporate systems or infrastructure,” Dara Khosrowshahi, CEO, Uber said in a blog post.
As Uber’s CEO, it’s my job to set our course for the future, which begins with building a company that every Uber employee, partner and customer can be proud of. For that to happen, we have to be honest and transparent as we work to repair our past mistakes, added Khosrowshahi.
According to Uber’s outside forensics experts were not able to access trip location history, credit card numbers, bank account numbers, social security numbers or dates of birth.
At the time of the incident, Uber took necessary steps to secure the data and shut down further unauthorised access by the individuals.
“We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts,” Khosrowshahi noted.
Khosrowshahi is also in talks with Matt Olsen, a Co-founder of a cybersecurity consulting firm and former general counsel of the National Security Agency and director of the National Counterterrorism Centre, to guide and structure our security teams and processes going forward.
Effective today, two of the individuals who led the response to this incident are no longer with the company, the company said.
Uber is individually notifying the drivers whose driver’s license numbers were downloaded and are providing these drivers with free credit monitoring and identity theft protection. Uber is also monitoring the affected accounts and have flagged them for additional fraud protection.
“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers,” Khosrowshahi emphasised.