Uber admits data breach cover up in 2016

on Nov 22, 2017

Uber’s CEO said Tuesday that the company had covered up a severe data breach in 2016. In a blog post, CEO Dara Khosrowshahi, detailed the breach and the cover up. It involved the online driver service paying hackers some $100,000, (£75,500) to keep the breach secret.

Uber Technologies Inc. isn’t a publicly listed company. However, there are private shareholders of the business. This news is the latest blow to the company which is expected to launch an IPO in 2019.

Recent discovery

While the data breach and cover up – where Uber paid hackers to delete the data of some 57 million user accounts they had hacked – occurred in 2016, Khosrowshahi said he only learned of it recently.

“I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use,” the CEO said in his blog post. “The incident did not breach our corporate systems or infrastructure.”

Two employees were fired after the incident, in which 600,000 Uber driver’s names and license numbers were also obtained.

While it may seem strange that Uber is admitting to this breach now, a year after it happened, Khosrowshahi said transparency is important.

A more secure future

In his post, the Uber CEO details his thinking behind going public, now.

Following a thorough security investigation – ordered by Khosrowshahi – Uber is taking action to protect those involved. The driver app firm is also making plans to shore up its online security measures.

They include:

  • Notifying all 600,000 drivers.
  • Seeking advice from cybersecurity expert Matt Olsen on how to further tighten Uber’s online security.
  • Providing drivers with credit monitoring and identify theft protection
  • Notifying the regulatory authorities.

“None of this should have happened, and I will not make excuses for it,” Khosrowshahi said. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”

Uber’s response to the breach, albeit a delayed one, continues to suggest the business still intends to become a public traded company. However, a lot more work still needs to be done to guarantee future profits and growth, to ensure enough investors are willing to take a punt on them.