Uber’s former Chief Security Officer has come forward to explain the company paid hackers $100,000 in 2017 as part of a contingency plan for when it discovered its data had been breached.
Uber paid hackers to cover up data breach. The company concealed the hack that exposed data of users and drivers, which took place in October 2016.
Uber’s already poor year took a turn for the worse when it was revealed that the ride-hailing business hid a data breach for almost a year and paid cyber criminals $100,000 to erase the stolen data and remain silent.
“In late 2016, we became aware that two people outside the business had unlawfully accessed customer data stored on a third-party cloud-based service that we utilize,” writes Uber CEO Dara Khosrowshahi in a blog post dated November 21.
Hackers obtained the license numbers of 600,000 drivers in the United States, as well as the names, email addresses, and phone numbers of 57 million Uber users.
Hackers stole security credentials from a GitHub repository and exploited them to steal the data of 57,000,000 Uber drivers and passengers, according to Bloomberg. Around 600,000 U.S. drivers’ identities and license numbers were taken, as well as the names, email addresses, and phone numbers of 57 million Uber customers globally. Uber paid the hackers a $100,000 ransom in exchange for their help in keeping the event hidden.
Uber claims to have “obtained assurances that the downloaded data had been erased” and that “no indication of fraud or abuse connected to the event” has been found. The organization will provide free credit and identity theft protection to drivers whose license details have been hacked.
Khosrowshahi stated on Uber’s blog, “None of this should have occurred, and I will not make excuses for it.” “We’re altering our business model.”
Legal Consequences and Fallout
Companies must notify the authorities and impacted individuals about breaches of sensitive data, such as driver’s licenses, under state and federal legislation.
“The only way to have direct responsibility under security breach notification regulations is to not send notice,” Chris Hoofnagle of the Berkeley Center for Law and Technology told The Guardian. As a result, covering up a breach makes little sense.”
Uber has removed its top security officer, Joseph Sullivan, as well as one of Sullivan’s assistants. In reaction to Uber’s announcement, New York Attorney General Eric Schneiderman initiated an inquiry into the hack.
It’s possible that the federal government will get involved as well. Uber settled with the Federal Trade Commission (FTC) earlier this year on charges that it failed to keep sensitive user data safe.
Due to Uber’s arbitration agreement, passengers and drivers may have limited legal recourse if they are victims of identity theft or other fraud arising from stolen data, despite Uber’s promises to the contrary. Uber is not accountable for any losses, including lost data, originating from the use of their services, according to the agreement. The agreement applies to anybody who utilizes Uber’s services.
Individual and class action lawsuits are prohibited under arbitration agreements, which require legal issues to be resolved by a private arbitrator. Arbitration is less forgiving of litigants than jury trials.
Uber’s Struggles Aren’t Over
While Uber (with a market capitalization of $68 billion) is the most valuable startup in the United States, the firm has lately been embroiled in a series of controversies and is claimed to be losing money.
Following an investor revolt earlier this year, Khosrowshahi took over as CEO from co-founder Travis Kalanick. Kalanick created an aggressive “tech bro” culture that propelled Uber to unicorn status, but investors, headed by Fidelity Investments, were concerned that his confrontational leadership placed the firm in jeopardy. In a letter headed “Moving Uber Forward,” they requested his resignation.
The data hack is a blow for Uber, which is attempting to restore its image as one of America’s most reviled businesses.
Following a crisis involving hundreds of sexual harassment complaints, Uber offered $5 million to combat sexual assault and domestic abuse. In a complaint, the business is accused of stealing intellectual property from Google’s self-driving vehicle branch, Waymo. The New York Times reported in March that Uber utilized software to circumvent regulators in places where it was operating illegally. Uber has been sued many times by drivers who allege they are misclassified as independent contractors.
These episodes are simply the top of a scandal iceberg that has turned Uber into one of the most reviled firms in the United States. The hacking issue is a huge blow for Uber as it strives to rebuild its reputation under new leadership.
We’re keeping a close eye on the Uber data leak, and anybody who may have been impacted is encouraged to contact us for a free legal consultation.
Watch This Video-
Uber has agreed to pay $148 million to cover up the data breach that occurred in 2016. The settlement will also cover Uber’s legal fees, which could reach as high as $1 billion. Reference: uber data breach settlement.
Frequently Asked Questions
How did Uber respond to data breach?
A: Ubers response to the data breach was, We have been in contact with our partners and regulators who are taking steps to understand what occurred. We are continuing our investigation.
Who was behind the Uber data breach?
A: The data breach was the result of a hack by two hackers.
Has Uber ever been hacked?
Related Tags
- uber data breach case study
- uber data breach 2021
- uber data breach case study pdf
- how was uber hacked in 2016
- uber hacked 2021