Company fires its chief security officer, says it will notify owners of the affected accounts. The New York State Attorney General is investigating.
Uber Technologies Inc. said it paid hackers $100,000 in an effort to conceal a data breach affecting 57 million accounts a year ago, a disclosure that adds to a string of scandals and legal problems for the world’s most highly valued startup, the Wall Street Journal reports. The ride-hailing firm fired its chief security officer and his deputy for their roles in the breach and for covering it up. In addition to the names, emails and phone numbers of millions of riders, about 600,000 drivers’ license numbers were accessed. Uber said financial information such as credit cards and Social Security numbers weren’t taken. Uber said it identified the hackers and “obtained assurances” they had destroyed the stolen data.
The San Francisco company said it would notify owners of the affected accounts in the coming days. While the scale of the breach pales in comparison with disclosures from Yahoo Inc. and Equifax Inc., Uber’s attempts to keep it quiet raise questions about whether officers still at the company were part of the effort. The New York State Attorney General’s office has opened an investigation into the breach. “None of this should have happened, and I will not make excuses for it,” said Chief Executive Dara Khosrowshahi. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.” Valued at $68 billion, Uber has a reputation for pushing the limits of the law in its pursuit of dominating the ride-hailing market.