Uber paid $100K ransom to keep hack of 57M user accounts under wraps

Ridesharing service Uber was so motivated to hide the fact that 57 million user accounts had been compromised, it has admitted it paid $100,000 in ransom to keep the incident under wraps.

Uber Chief Security Officer Joe Sullivan was ousted from the company after it confirmed to Bloomberg that personal information for 50 million riders and 7 million drivers was compromised. Among the data stolen was 600,000 U.S. driver’s license numbers, as well as customer and driver names, email addresses and phone numbers.

The incident was not disclosed to authorities until this week, in a likely violation of the law. Instead, when the issue was discovered, Uber paid $100,000 to the hackers to have them delete the data they had obtained.

The hack and Uber’s failure to disclose were reportedly discovered by an outside law firm. Officials from Uber said they believe the data was never used after the ransom was paid.

The incident is the latest in a long string of bad news for Uber, which saw its founder and CEO Travis Kalanick removed by the company’s board in June. Kalanick, however, remains on the company’s board and controls multiple seats.

Following the revelation from Uber regarding 57 million users, New York Attorney General Eric Schneiderman announced his office has opened an investigation into the matter. A previous run-in with the New York attorney general led to Uber paying fines and taking steps to secure the privacy of customers.

Multiple states have since followed New York’s lead, as the attorneys general in Illinois, Massachusetts and Connecticut are staging their own independent investigations, according to The Hill.

In a post to his company’s blog, Uber Chief Executive Dara Khosrowshahi said he recently learned of the incident, which took place in 2016. Given the company’s failure to notify affected individuals, the CEO has asked former National Security Agency general counsel Matt Olsen to rethink the company’s security teams and processes.

“None of this should have happened, and I will not make excuses for it,” Khosrowshahi said. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and are working hard to earn the trust of our customers.”