Uber concealed a massive breach of the personal information of 57 million customers and drivers in October 2016, failing to notify the individuals and regulators, the company acknowledged on Tuesday.
According to Bloomberg, which first reported on the breach, Uber paid the hackers responsible $100,000 to delete the data and keep the breach quiet.
âNone of this should have happened, and I will not make excuses for it,â Uber chief executive Dara Khosrowshahi said in a statement acknowledging the breach and cover-up.
Hackers stole personal data including names, email addresses and phone numbers, as well as the names and driverâs license numbers of about 600,000 drivers in the United States. The company said more sensitive information, such as location data, credit card numbers, bank account numbers, social security numbers, and birth dates, had not been compromised.
In his statement, Khosroshahi said the company had âobtained assurances that the downloaded data had been destroyedâ and improved its security, but that the companyâs âfailure to notify affected individuals or regulatorsâ had prompted him to take several steps, including the departure of two of the employees responsible for the companyâs 2016 response.
Uber chief security officer Joe Sullivan was one of the two employees who left the company, Bloomberg reported.