Hackers stole data belonging to 57 million Uber users in 2016 – but the company kept it quiet, its boss has admitted.
The ride-hailing app’s chief executive, Dara Khosrowshahi, said two hackers had managed to download “personal information of 57 million users around the world”.
Names, email addresses and mobile phone numbers were among the details stolen.
According to Bloomberg News, the embattled company paid the hackers $100,000 to delete the data and keep quiet, instead of notifying regulators and the people affected.
The names and driving licence numbers of about 600,000 Uber workers in the US were also compromised in the October 2016 incident.
Uber says it does not believe its customers need to take any action.
“We have seen no evidence of fraud or misuse tied to the incident,” says a help page on its site.
“We are monitoring the affected accounts and have flagged them for additional fraud protection.”
Image: ‘None of this should have happened, and I will not make excuses for it,’ said Uber’s CEO
Mr Khosrowshahi said the data had been stolen from a “third-party cloud-based service” and that “we subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed”.
The chief executive, who joined the company in August, added in his statement: “You may be asking why we are just talking about this now, a year later.
“I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it.
“None of this should have happened, and I will not make excuses for it.
“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”
Image: Details of the hack come as Uber fights against the loss of its London licence
The data breach comes as Uber looks to improve its image after bad publicity during the tenure of Uber’s founder Travis Kalanick, and the decision by transport bosses in London to take away its licence.
Mr Kalanick was ousted as chief executive in June after an internal investigation concluded he had built a culture that allowed female workers to be sexually harassed and encouraged employees to push legal limits.
Uber’s new boss said the company was now working with regulators on the breach and notifying drivers whose licence numbers were downloaded – as well as giving them credit monitoring and identity theft protection.
A review of its security is also taking place in conjunction with Matt Olsen, a former National Security Agency general counsel and cybersecurity expert.