Uber confirms massive 2016 data breach

Paid hackers and kept breach quiet

Uber has confirmed that in October 2016 hackers gained access to the licence numbers of 600,000 of its US drivers and the personal information of 57 million Uber users from around the world.

The company’s chief executive, Dara Khosrowshahi, said the data included passengers’ names, email addresses and mobile phone numbers.

Khosrowshahi joined the company in August, replacing Uber founder Travis Kalanick as CEO.

“I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use,” Khosrowshahi said in a statement.

“The incident did not breach our corporate systems or infrastructure.”

Bloomberg, which broke the story, reported that attackers had obtained credentials from a private Uber GitHub repository, which they used to access data stored on Amazon Web Service’s cloud. Uber kept the breach quiet and paid the hackers US$100,000 to delete the data, Bloomberg reported.

The newswire said that Uber chief security officer Joe Sullivan spearheaded the response to the breach and has now been ousted as a result. Uber confirmed that at least two executives have left the company over the handling of the breach.

“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” Khosrowshahi said.

“We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”

The CEO said that after learning details of the breach, including the failure to notify the affected individuals and privacy regulators, he has ordered a “thorough investigation” into the company’s response.

The company is notifying regulatory authorities, it said.

Uber said it had seen “no evidence of fraud or misuse tied to the incident”.

Australian Information and Privacy Commissioner Timothy Pilgrim confirmed that his office has commenced inquiries with Uber.

“Incidents such as this are a timely reminder to Australians of the value of the personal information we provide in order to receive products and services,” Pilgrim said.

“As always, I encourage Australians to read privacy notices and ensure they are fully informed about what information is being exchanged in order to get the service, product or app they seek.”

“It is also a timely reminder to Australian businesses and agencies of the reputational value of good privacy practice, and the reputational risks that can follow mishandling of personal data,” he added.

In February 2018, Australia’s new data breach notification scheme comes into effect.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitydata breachcyber securitydata breachesdata breach notificationUber

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Rohan Pearce

Rohan Pearce

Computerworld
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?