Uber has paid hackers $100,000 to keep quiet after they accessed the personal information of 57 million users. The company acknowledged the hack and their failure to disclose the information to its users on Tuesday. Uber chief executive Dara Khosrowshahi wrote in a statement: “None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”
Two employees sacked in relation to the hack
The hackers managed to steal the names, email addresses and phone numbers of both users and drivers in the United States. The company assured its customers that more sensitive information such as such credit card numbers, bank account numbers, location data and birth dates, had not been accessed by the hackers. The statement issued on the company’s website described how the company has had guarantees made by the hackers that the stolen information was destroyed. They go on to say that the company’s security methods have been improved. The hack has cost several Uber employees their jobs. The employees who were responsible for the “failure to notify affected individuals or regulators” have been asked to step down. Online media has reported that Uber chief security officer Joe Sullivan was one of the employees who has been fired over the incident.
Robert Judge, an Uber driver in Pittsburgh, was not surprised about the cover-up. “The hack and the cover-up is typical Uber only caring about themselves,” he said. “I found out through the media. Uber doesn’t get out in front of things, they hide them.” Uber has released a separate statement to drivers affected by the hack and has promised free credit monitoring and identity theft protection.
Personal data was kept unencrypted
The hack was reportedly able to occur because the information was stored unencrypted on Amazon servers. The hackers gained access to the information by obtaining the login information to these servers. The wider legal consequences of the hack and the company’s failure to act are not yet known. The United States Appeals court system is yet to reach a unanimous decision on how to treat lawsuits pertaining to data breaches. Some courts have determined that class action lawsuits can be filed using evidence that their identities face a risk of security, whereas other courts require potential plaintiffs to present evidence that their personal identities have already been mishandled. Uber has had a terrible year of publicity.
Hack scandal the latest in a string of disasters for the company
The ride-sharing app has been at the center of a string of scandals and misfortunes. In the United States, Uber was accused of taking advantage of New York taxi workers' strike as a protest against the Republican Administration proposed travel ban. Later came allegations from a former employee exposing the company for cultivating a workplace rife with sexual harassment. In more recent news the company suffered a huge loss when the Transport for London failed to renew its license to operate in London. The New York state attorney general’s office has opened an investigation into the Uber data breach and coverup.