Uber Security Breach Exposed Personal Data Of 57 Million Customers And Drivers

We may earn a commission from links on this page.

Uber concealed a massive breach for more than a year, in which hackers stole the personal data of 57 million customers and drivers from Uber, according to a new report from Bloomberg. The company’s new CEO, Dara Khosrowshahi, responded by saying he didn’t learn of the breach until recently.

According to Bloomberg, the October 2016 attack compromised names, email addresses and phone numbers of more than 50 million Uber riders from across the world. Additionally, the info of 7 million drivers was exposed, including 600,000 driver’s license numbers.


In a blog post, Khosrowshahi said that a forensic examination internally revealed no indication that Social Security numbers, credit card details, or trip location had been lifted.

Here’s more from Bloomberg:

At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers $100,000 to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.


The company’s former CEO, Travis Kalanick, apparently learned of the attack within a month, Bloomberg reported.

Uber had just settled a lawsuit with the New York attorney general over data security disclosures and was in the process of negotiating with the Federal Trade Commission over the handling of consumer data.


Kalanick declined to comment when reached by Bloomberg, which goes into how the hack worked at length.

As he has in recent weeks, Khosrowshahi again took to apologizing for Uber’s past issues and said he’s working diligently to change how the company operates. The new CEO said he brought on a former lawyer for the National Security Agency, and added that two individuals who led the response to the incident are no longer with the company.


“While I can’t erase the past,” he said, “I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”