Uber Technologies has admitted that it did cover up an October 2016 massive cyber security attack that exposed the private data of its 57 million customers and drivers.
The latest admittance by Uber is part of a settlement with the US Department of Justice to avoid criminal prosecution.
According to a press release from the DOJ, the mobility service provider in a move not to face prosecution for the cover-up, “admits that its personnel failed to report the November 2016 data breach to the [Federal Trade Commission] despite a pending FTC investigation into data security at the company”.
It would be recalled that in October 2016, Hackers who compromised Uber’s webpage had used stolen credentials to access a private source code repository, then obtained a proprietary access key used in accessing and copying large quantities of data associated with Uber’s users and drivers, including data pertaining to approximately 57 million user records with 600,000 driver’s license numbers.
The cyber attack had the hackers having access to names, email addresses, and phone numbers of more than 50 million Uber riders worldwide, while more than 7 million Uber drivers had similar data exposed on top of driver’s license numbers for around 600,000 US drivers.
The data breach only got to the public forum a year after, when the company publicly disclosed it, as reported by Bloomberg, with the company allegedly paying its hackers a $100,000 ransom to delete the data and not publicize the breach to media or regulators.
The scandal led to the ouster of then Uber CEO, Travis Kalanik, with the newly appointed CEO Dara Khosrowshahi, admitting that the cover-up should not have happened.
The settlement posits that Khosrowshahi and his team had after discovering it a year later after it happened, reported the breach to the public, drivers, and government authorities.
Uber’s decision to publicly disclose the breach and its agreement with the FTC to report subsequent cyber attacks to the government regulators was perhaps the saving grace and the decision not to face prosecution. The settlement also noted that the company paid $148 million to settle civil litigation tied to the data breach.
Aside the ouster of Kalanik, the Chief security officer of Uber, Joe Sullivan was given the marching orders, as he was found to be complicit in the cover-up. He was later charged with obstruction of justice for trying to hide a data breach from the FTC and Uber management, with his case scheduled to come up September this year.
Ayoola Faseyi, an Abuja based Journalist with interest in Technology and Politics. He is a versatile writer with articles in many renowned News Journals.
He is the Co-Founder of media brand, The Vent Republic.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
