Uber data breach affects 57 mln users

Adjust Comment Print

In October 2016 hackers stole the personal data including names, email addresses and mobile phone numbers of 57 million customers and drivers from Uber Technologies Inc.

Two members of the Uber information security team who "led the response" that included not alerting users that their data was breached were let go from the San Francisco-based company effective Tuesday, according to Khosrowshahi. He was not at the helm when it happened. It identified the individuals and obtained assurances that the downloaded data had been destroyed, according to the statement. Instead, the company paid hackers to delete the data and keep the breach quiet.

As the United Kingdom data protection regulator has opened an investigation into the hack of customer and driver data at Uber, the maximum penalty could be about £500,000 ($662,350, €563,000) under current British law for organizations that fail to notify affected users and regulators when data breaches occur.

Uber would not confirm it paid this ransom.

Notably, the data breach comes as Uber looks to improve its image following the tenure of Uber's founder Travis Kalanick.

However, the information has now been revealed after the tech company's new CEO, Dara Khosrowshahi, opted to publicly announce it in a bid to reassure users he was making big changes. The hackers pulled it off by accessing a private GitHub coding site used by Uber software engineers and stealing login credential, which were then used to access data stored on an Amazon Web Services account.

"It doesn't appear that happened here", he said.

Marvell Poised to Buy Cavium
Murphy became the head of Marvell past year and has since started a restructuring effort to diversify the company's offerings. The Hamilton, Bermuda-based Marvell Technology makes storage and WiFi equipment while Cavium builds network equipment.

"We've been in touch with several state Attorney General Offices and the FTC to discuss this issue, and we stand ready to cooperate with them going forward", an Uber spokesperson said in a emailed statement.

The Uber chief said he only recently learned that outsiders had broken into a cloud-based server used by the company for data and downloaded a "significant" amount of information.

Jeremiah Grossman, chief of security strategy at security firm SentinelOne, says this was not a sophisticated hack.

It's also the latest major breach involving a prominent company that didn't notify the people that could be potentially harmed for months or even years after the break-in occurred. Did Uber security have any monitoring in place to alert them when such vast amounts of data were accessed? The hack introduces an unexpected factor in negotiations between SoftBank Group Corp. and Uber shareholders over a planned investment of as much as $10 billion, a deal Khosrowshahi has been championing. It was also in blue moon due to the sexual harassment case.

Law firm Keller Rohrback put out word on Wednesday that it is looking into the potential for a class action suit against Uber.

Khosrowshahi inherited a litany of scandals and a toxic workplace culture when he replaced Kalanick.