Uber CEO Dara Khosrowshahi is coming clean about an incident at Uber from last year—one in which the personal information of 57 million riders and drivers was stolen.
In a public statement, he acknowledged that unauthorized users finagled access to Uber’s account with a third-party cloud provider. They were able to download 600,000 names and accompanying driver’s license numbers as well as the names, email addresses, and phone numbers of some 57 million riders and drivers. The ride-hailing company did not disclose the attack to either customers, drivers, or regulators.
Uber recovered the data, held at ransom, for $100,000, according to Bloomberg. The company “obtained assurances that the downloaded data had been destroyed” and implemented new security measures. Khosrowshahi says he’s now taking steps to create a better cybersecurity infrastructure. He’s hired Matt Olsen, former director for the National Counterterrorism Center, to help establish a revamped structure for its security teams. The company is also investigating the hack with a third party and has reached out to regulators.
In the interim, affected drivers are being notified. Uber will also pay for identity theft protection for these drivers as well as credit monitoring.
Khosrowshahi says, “None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”