A cyberattack exposed sensitive personal information belonging to tens of millions of Uber customers and drivers before the company hid the breach from public view for more than a year, the company revealed Tuesday.
The information includes names, email addresses and phone numbers of of 57 million people around the world, including around 600,000 U.S. drivers, according to a statement released by the company’s CEO, Dara Khosrowshahi.
“Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded,” the statement said. “At the time of the incident,” the statement added, “we took immediate steps to secure the data and shut down further unauthorized access by the individuals. We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed.”
The statement said users’ personal information was accessed by two individuals via “a third-party cloud-based service” that Uber uses. Those individuals are no longer with the company, the statement noted.
“I’ve asked Matt Olsen, a co-founder of a cybersecurity consulting firm and former general counsel of the National Security Agency and director of the National Counterterrorism Center, to help me think through how best to guide and structure our security teams and processes going forward,” the statement added.
The hack is the latest in a series of massive breaches – including the hack of that Equifax disclosed in September – that raise serious questions about companies’ ability to keep customer data safe in the digital age.
