The president of Uber revealed on Tuesday that the data of 57 million users around the world were pirated at the end of 2016.
Among those 57 million users are 600,000 drivers whose names and driver’s license numbers were pirated. The names of the users as well as their emails and mobile phone numbers were stolen, Dara Khosrowshasi said in a statement.
Based on an external investigation, the general director of Uber affirmed that the information about the journeys made, the credit card numbers and bank accounts, the social security numbers and the dates of birth of the users would not have been stolen.
Khosrowshasi, appointed to head the transport application company in August, said he was “recently” informed of the incident and that two people outside the company would be responsible.
“None of this should have happened and I will not give excuses for it,” he said, although he stressed that “the incident did not reach the company’s systems or its infrastructure.”
Two members of Uber’s information security team who “commanded the response” to the incident and did not alert users that their data had been violated were fired from the San Francisco-based company, according to Khosrowshasi.
According to Bloomberg, Uber paid $ 100,000 to pirates to destroy the information, without disclosing to users or drivers that their data were at risk.
“At the time of the incident, we immediately took measures to protect the data and put an end to unauthorized access, we identified these people and obtained assurances that the data collected would be destroyed,” Khosrowshahi explained.
“We have also implemented security measures to restrict access and strengthen the controls of our database accounts,” he added.
The CEO admitted that the fact that the information was disclosed one year after the facts is questioned. He believes that the company failed to immediately inform the victims of this piracy as well as the authorities.
He added that he has taken several measures to improve procedures, including enhanced data protection for drivers who were victims of hacking.
“Although we have no evidence of fraud or fraudulent use related to this incident, we are monitoring the affected accounts and have increased their protection against fraud,” he said.
Piracy is a further blow to Uber’s reputation, which tries to leave behind accusations of failures in the criminal record check of its drivers and sexual harassment within the company.