SoylentNews

edIII [soylentnews.org] writes:

Uber Paid Hackers to Keep Massive Cyberattack Quiet [bloomberg.com]

Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.

Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.

“None of this should have happened, and I will not make excuses for it.” - Dara Khosrowshahi***

At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.

*** - Note to ed, content was messed up because I stripped JS out. Believe that quote is attributed to this person, but it may belong to somebody else. Check the article for correctness please.

Is it just me, or does Uber dig itself deeper each time?

Original Submission