Uber faced a data breach in 2016 that affected some 57 million customers, including both riders and drivers.
This data breach possibly reveals their names, email address and phone numbers, which affected group with 50 million riders and 7 million drivers.
600,000 driver license numbers for U.S. drivers were also included (source; Bloomberg).
Uber CEO knew this incident about a month later when it happened. Instead of reporting the incident to regulators or to affected people. they paid $100,000 to hackers to conceal the breach.
Bloomberg report says that no security numbers or trip location information was taken in the attack and that it doesn’t believe the info that was leaked was ever used, though it doesn’t specify who was responsible.
Uber Chief Security Officer Joe Sullivan and a key senior deputy to the CSO have been removed from the company this week, specifically for their roles in keeping the cyber attack secret.
The attackers attempted to gain login credentials for an Uber Amazon Web Services account by using a private GitHub site which is maintained by Uber engineers.
2016 is not a good year for Uber.
In January, In response to Uber’s refusal to go along with the strike and Kalanick’s working with Trump, the hashtag #DeleteUber begins trending. Rival rideshare service Lyft donates $1 million to the ACLU to underscore its difference with Uber.
In February, former Uber employee Susan Fowler details sexual harassment at Uber’s headquarters, became the wide-ranging problem.
“When I reported the situation, I was told by both HR and upper management that even though this was clearly sexual harassment and he was propositioning me, it was this man’s first offense and that they wouldn’t feel comfortable giving him anything other than a warning and a stern talking-to. Upper management told me that he ‘was a high performer’ (i.e. had stellar performance reviews from his superiors) and they wouldn’t feel comfortable punishing him for what was probably just an innocent mistake on his part.”
In March, The New York Times reveals that Uber used a software tool called “Greyball” to avoid authorities in cities where the company was illegally operating, part of a string of embarrassing revelations about the company including poor information security.
In May, Uber admitted that it underpaid drivers in the New York City area and pays millions of dollars in back wages. Uber says the underpayments were due to a “miscalculation.”
In June, Kalanick resigned and sued for fraud by an early investor in Uber.
In August, Dara Khosrowshahi is appointed as the new CEO.
In October, Bloomberg reveals that Uber is facing five separate federal investigations.