Ridesharing giant Uber has revealed that it was hit by a data breach that put the personal information of 57 million customers and drivers in hackers’ hands back in 2016, and it has fired chief security officer, Joe Sullivan, over the way that the breach was handled, along with one other individual who reportedly had a key role in deciding how the company would respond. Uber’s press release about the subject is a bit light on information about how exactly the hack was handled, aside from the fact that regulatory authorities and affected individuals were not properly notified, and protocol was not fired. According to a report from Bloomberg, Uber paid the individuals who had the data $100,000 to delete it without backing it up or redistributing it, then simply keep silent about the incident.
The data breach was carried out by two people, and did not target Uber’s own corporate infrastructure. Instead, they went after data stored on a third-party cloud service, and were able to successfully download details like names and phone numbers for somewhere around 57 million users, with around 600,000 of those users being drivers, whose driver’s license data was also downloaded. Though the company did take steps to protect the stolen data, those steps including hiding the incident so well that current CEO
This is far from the first time that the way former CEO Travis Kalanick handled things came back to bite the current CEO. Kalanick apparently found out about the breach in November of 2016, only a month after it happened. This comes on the heels of