In October 2016 Uber suffered a data breach that saw the names, email addresses and mobile phone numbers of some 57 million users and driver partners exposed.
The real kicker is that Uber didn’t disclose this breach at all.
Bloomberg reports that the breach involved two attackers accessing a private code site located on Github. After obtaining login credentials from that site, the attackers accessed data stored on an Amazon Web Services account where an archive of rider and driver information existed.
Uber insists that location history, bank account numbers, dates of birth and credit card number information was not compromised. However, the drivers license numbers of 600 000 drivers in the US were compromised.
These drivers have been notified and Uber is providing these drivers with free credit monitoring and identity theft protection.
Uber’s new chief executive officer Dara Khosrowshahi who replaced Travis Kalanick said in a statement that the company is changing the way it does business and will focus on “putting integrity at the core of every decision we make.”
“None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” said Khosrowshahi.
We hope you can Uber.