It’s the latest international scandal to hit the beleaguered ride-hailing company.
The personal information of millions of Uber users was stolen by hackers over a year ago, in a massive cyberattack that the company has now admitted attempting to cover up.
Bloomberg reports that the data of 57 million Uber customers and drivers was breached in October 2016. In a bid to conceal the cyber-theft, senior figures at the ride-hailing firm agreed to pay the attackers responsible $100,000 (around £75,500) to delete the stolen information.
Legally, Uber was obliged to report the security breach to US regulators. However, the company has now admitted that it failed to do so, and also neglected to notify individuals whose personal information had been stolen.
The compromised data included the names, email addresses and phone numbers of 50 million Uber riders around the world, along with the personal details of around 7 million drivers.
The firm’s chief executive, Dara Khosrowshahi, publicly acknowledged both the hack and the attempted cover-up in a statement.
“None of this should have happened, and I will not make excuses for it,” he said. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”
Khosrowshahi confirmed that the revelations about the hack had prompted him to fire Uber’s chief security officer, Joe Sullivan, for concealing the breach. Another senior employee has also been ousted from the company.
Uber said that it did not believe that any of the stolen data was ever used. The company also said that no sensitive information, such as users’ credit card details, bank account numbers, birth dates, trip location information or other personal data, was stolen.
Khosrowshahi took over as Uber CEO in August, after the company’s controversial co-founder Travis Kalanick was forced to step down from the role following a string of international scandals.
These included claims by female employees that they had experienced sexual harassment and discrimination at Uber HQ, and the revelation that the company had used secret technology to evade law enforcement in cities where it violated local laws.
Kalanick was reportedly made aware of the hack in November 2016, just a month after it took place, but has declined to comment on the breach or the decisions surrounding it.
Robert Judge, an Uber driver living and working in the US city of Pittsburgh, told The Guardian that he had had no information from his employer about the hack, and only learned about it through news reports.
“The hack and the cover up is typical Uber only caring about themselves,” he said. “I found out through the media. Uber doesn’t get out in front of things, they hide them.”
An investigation into the hack has now been opened by the New York state attorney general’s office.
The company also plans to release a statement to customers, saying that it has seen “no evidence of fraud or misuse tied to the incident”.
Images: Pexels / Rex Features / iStock