Uber has admitted to covering up a massive hack of 57 million users’ data by paying the people who stole it $132,000 to delete it.
The breach happened in 2016 and, on Thursday the ride-sharing company’s new boss Dara Khosrowshahi admitted there was a “failure to notify affected individuals or regulators” until now.
Mr Khosrowshahi said he had only recently learned of the matter himself.
The company’s admission that it failed to disclose the breach comes as Uber seeks to recover from a series of crises and that culminated in the removal of former boss, Travis Kalanick, in August.
“None of this should have happened, and I will not make excuses for it,” Mr Khosrowshahi said in a blog post.
According to the company’s account, two individuals downloaded data from a web-based server at another company that provided Uber with cloud-computing services.
The data contained names, email addresses and mobile phone numbers of some 57 million Uber users around the world.
The hackers also downloaded names and driver’s license numbers of some 600,000 of the company’s US drivers, Mr Khosrowshahi said in a blog post.
Bloomberg News reported that Uber’s chief security officer Joe Sullivan and a deputy had been ousted from the company this week because of their role in the handling of the incident.
The company paid hackers $132,000 to delete the stolen data, according to Bloomberg.
– with agencies