Uber Paid Hackers $100,000 to Delete Stolen Data on 57 Million People

Michael van der Galien | 10:00 PM on November 21, 2017
(Shutterstock)

This week Uber fired its chief security officer and one of his deputies. The reason? They had concealed a massive security breach for more than one year. And that’s not all: in order to convince the hackers to delete the information on 57 million people, the security officers paid the hackers $100,000.

Advertisement

At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.

Dara Khosrowshahi, who became the company’s CEO back in September, has published a long statement at Uber’s website explaining “that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use. The incident did not breach our corporate systems or infrastructure.”

Uber’s outside forensics experts “have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded,” he continued. “However, the individuals were able to download files containing a significant amount of other information.”

That information includes names, email addresses, and mobile phone numbers of 57 million Uber customers around the world, and the names and driver’s license numbers of 600,000 drivers in the United States.

Advertisement

According to Khosrowshahi, Uber made sure that the hackers deleted the downloaded data when the company cut the deal with them. Additionally, Uber “also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”

In order to make sure that the hackers don’t renege on the deal, Uber is “monitoring the affected accounts and have flagged them for additional fraud protection.” The company is also providing the 600,000 American drivers “with free credit monitoring and identity theft protection.” Finally, Khosrowshahi is working with former NSA general counsel Matt Olsen to help him “think through how best to guide and structure our security teams and processes going forward.” As part of those security reforms, Uber’s chief security officer and his deputy were let go.

Michael van der Galien

Michael van der Galien is the owner of Dutch news and opinion website De Dagelijkse Standard (English version: Daily Standard Global), a freelance journalist and columnist, and blogger at PJ Media. He can be contacted on Twitter: @MichaelvdGalien.

Category: NEWS & POLITICS

Recommended

Democrats May Regret Trying Trump in N.Y. Court After His Latest Announcement Victoria Taft
Belmont Club: Flashpoints Richard Fernandez
Karma Reigns: Harvard HamaNazis Wake Up to a Super-Soaking Kevin Downey Jr.
Top Democrat Sued for Defamation Matt Margolis
Old Joe Biden Goes to an Abortion Rally, Does the Most Tone-Deaf Thing Imaginable Robert Spencer
What Do New Documents in 'Plasmic Echo' Case Reveal About the Feds' Surveillance of Trump? Greg Byrnes

Trending on PJ Media Videos

Join the conversation as a VIP Member

Advertisement
Trending
Editor's Choice
Campaigning From a Courtroom Is How Trump Will Win
The Facets of Fascism
Is It Time to Fear a Recession — or Something Else?
Advertisement