The Uber hack, in which the data of some 57 million US customers and their credit card details was stolen from the company starts to have a bad ring to it the more gets known about it.
At first it only came to light when newspapers wrote that Uber had paid a hacker to try and conceal it over a month ago. And if that wasn’t bad enough, it then appeared that Softbank, the Japanese corporation which is a major investor in Uber Technologies Inc, was informed some two weeks before the customers became aware that their data was stolen.
And now, the Wall Street Journal is reporting that the new Uber CEO, Mr Dara Khosrowshahi, knew of the hack around 15 September of this year, so two months before he decided it might be a good idea to inform their customers to check credit cards haven’t been defrauded by now.
When asked for a reaction, Uber stated that Mr Khosrowshahi had immediately ordered an internal investigation, which he wanted to complete before making the matter public.
Furthermore, Uber stressed once again that the fact that hackers were paid $100k to destroy the stolen data and not inform the consumers or authorities beforehand was a decision made by it’s former CEO, Mr Travis Kalanick, who resigned in June of this year.
Apparently, Mr Kalanick learned of the attack in November 2016 already and decide to authorize the payment.
Of course that leaves the question why the new CEO, Mr Khosrowshahi, was only informed of the hack two weeks after he took the helm.
So far, four US State authorities, the US Federal Trade Commission and three European governmental agencies have all opened inquiries to discover why it took Uber more than a year to disclose the hacking of consumer-sensitive data.
The scandal brings forth a reminder of the Equifax hack earlier this year, which also took a while before the public was finally informed.
Mr Bo Holland, a consultant who helps corporations respond to data breaches, stated: “In the U.S. today, most laws allow six to eight weeks for companies to notify regulators and consumers.”