Ride-sharing firm Uber Technologies Inc failed to disclose a serious security breach in 2016 that exposed the data of 5.7 crore customers, the company’s Chief Executive Officer Dara Khosrowshahi said in an official blog post on Tuesday. The hackers also downloaded the names and licence numbers of six lakh drivers, Khosrowshahi said.
Uber paid hackers $1,00,000 (Rs 6,47,70,00) to keep the breach a secret, according to a Bloomberg report.
The chief executive officer said that while the names and addresses of customers were accessed in the hack, forensic experts believe that there was no indication that other details like trip location history, credit card numbers, bank account numbers, social security numbers or dates of birth were compromised.
Khosrowshahi said the hackers were “two individuals outside the company” who “inappropriately accessed user data stored on a third-party cloud-based service that we use”. However, he claimed that the incident did not breach the company’s corporate systems or infrastructure.
Khowsrowshahi said that two employees responsible for the response to the data breach “are no longer with the company”. These two individuals are Chief Security Officer Joe Sullivan and his deputy Craig Clark, Bloomberg reported citing unidentified company officials.