Uber confesses it covered up a huge data breach

Confession comes as part of DoJ settlement

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Uber has admitted it covered up a major data breach in 2016 that led to user data being leaked online.

The US Department of Justice (DoJ) said in a press release the taxi company, “admits that its personnel failed to report the November 2016 data breach to the Federal Trade Commission despite a pending FTC investigation into data security at the company.”

Uber’s confession came as part of a settlement which will see it avoid criminal prosecution from the DoJ.

Hush money

The hack, which happened in October 2016, started with stolen credentials to a private source code repository, and ended with the theft of sensitive data on 57 million people, including both Uber customers, and drivers.

The data that was stolen included full names, email addresses, and phone numbers, as well as driver license numbers, which cybercriminals can utilize to engage inidentity theft, for example.

Even though the hack happened in 2016, it was only disclosed a year later. Allegedly, both the company CEO at the time, Travis Kalanick, and the Chief Security Officer (CSO), Joe Sullivan, knew of the breach and tried to cover it up, paying the hackers $100,000 to delete the data and never speak of it again.

Kalanick was later ousted from his position, and succeeded by Dara Khosrowshahi who, upon learning of what had happened, fired Sullivan, and reported the whole thing to the authorities.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Uber fined £385,000 following UK data breach>Uber lets you send anyone an email claiming to be from Uber.com>These are the best identity management tools right now

Sullivan was also later charged with obstruction of justice, for trying to hide the breach from both the FTC and Uber management, with his trial set to begin in roughly a month.

Another reason why the DoJ decided not to press criminal charges against Uber was because of an agreement the company made with the FTC in 2018, to report any future cyberattacks to the government. Uber had also paid $148 million to settle civil litigation that was tied to the data breach.

Via:The Verge

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Windows PCs targeted by new malware hitting a vulnerable driver

Dangerous Android banking malware looks to trick victims with fake money transfers

Latest Google Pixel update includes surprise launch of Android 15’s best battery feature