Uber paid hackers to cover up data breach
SAN FRANCISCO - The chief of Uber on Tuesday gave details of the theft of personal information of 57 million customers after the US ride-hailing giant this week fired its chief security officer for concealing the data breach.
Uber CEO Dara Khosrowshahi acknowledged in a blog post on the company's official website that a year ago two hackers broke into a third-party cloud-based system that contained the private information of its customers.
Though he said there was no evidence to show that key personal information such as the customers' credit card, bank account and social security numbers had been stolen and abused, he admitted that other sensitive data had been illegally downloaded.
Such information included names, email addresses and mobile phone numbers of 57 million users around the world, and the names and license numbers of 600,000 drivers.
"We have to be honest and transparent as we work to repair our past mistakes," Khosrowshahi said. "None of this should have happened, and I will not make excuses for it."
He said his company is notifying the regulatory authorities about the theft for possible further investigation.
This week Uber fired its chief security officer Joe Sullivan, along with one of his subordinates.
Although payments to hackers are rarely publicly discussed, US Federal Bureau of Investigation officials and private security companies have said that an increasing number of companies are paying criminal hackers to recover stolen data.
"The economics of being a bad guy on the internet today are incredibly favorable," said Oren Falkowitz, co-founder of California-based cyber security company Area 1 Security.
'God View'
Uber has a history of failing to protect driver and passenger data. Hackers previously stole information about Uber drivers and the company acknowledged in 2014 that its employees had used a software tool called "God View" to track passengers.
Khosrowshahi said on Tuesday he had hired Matt Olsen, former general counsel of the US National Security Agency, to restructure the company's security teams and processes. The company also hired Mandiant, a cybersecurity firm owned by FireEye Inc, to investigate the breach.
Reuters - Xinhua
