Hackers stole the personal data of 57 million customers and drivers and the ride-hailing company allegedly paid them $100,000 to delete the information and go away’.
The data was compromised in October 2016, and Uber has managed to conceal the breach for more than a year, according to Bloomberg.
Uber claims they were involved in negotiations with US regulators about separate privacy violations at the time of the breach.
But the company now admits they were legally required to report the hack to regulators and to drivers whose license numbers were taken.
Joe Sullivan, Uber’s chief security officer, was fired this week for his role in keeping the hack quiet. One of Sullivan’s deputies was also fired for helping.
The hackers stole names, email addresses, and phone numbers from 50 million Uber riders worldwide.
Personal information from 7 million drivers was also compromised.
Uber claims that no one’s Social Security numbers, credit card details, or trip location information was stolen.
The company said they don’t believe the information was ever used. Uber also declined to release the identities of the hackers.
‘While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection,’ new CEO Khosrowshahi said.