Hackers accessed the information of 57 million Uber customers and drivers in 2016, according to a new report by Bloomberg. Leaked information included names, email addresses, and phone numbers, as well as drivers license numbers for hundreds of thousands of drivers.
Instead of contacting the affected parties and reporting the incident to regulators, however, the ridesharing company instead opted to pay the hackers $100,000 to keep the data breach under wraps and to dispose of the stolen information. Uber representatives claim that no Social Security Numbers, credit card information, or trip information was stolen, and it doesn’t believe the data was ever used.
Additionally, it refuses to identify the hackers responsible for the breach.
One more misstep in a long line of missteps
Uber has been under fire quite a bit in 2017. In January, the company faced criticism when it turned off surge pricing while taxi drivers protested President Trump’s travel ban at John F. Kennedy airport in New York. As a result, critics felt that Uber was taking advantage of the situation at the expense of the protestors.
The following week, former CEO Travis Kalanick stepped down from President Trump’s business advisory council after criticism from his employees and customers.
A few weeks later, a former engineer shared a damning account of her experience while working for the company. Sexual harassment was rampant, according to her blog post, and higher-ups did nothing despite knowing about it.
The following week, Google filed a lawsuit claiming that Uber stole key technology from its self-driving car company, Waymo, including 14,000 highly confidential documents.
And just a week after that, Kalanick was caught on tape berating an Uber driver over fare prices.
Since then, several Uber executives have resigned over the fallout, including Kalanick, giving new CEO Dara Khosrowshahi a giant mess to deal with.
Better expectations for the future
“None of this should have happened, and I will not make excuses for it,” wrote Dara Khosrowshahi in an emailed statement to Bloomberg. “We are changing the way we do business … While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”
Part of those changes includes removing chief security officer Joe Sullivan and a key senior deputy for their roles in the cover-up. But moving forward, a culture change will be necessary for the company to regain the support of its employees and customers.
How to protect your information from identity thieves
If you are or have been an Uber customer in the past, the chances are that your information was compromised in the breach. To help protect yourself from fraud, consider using a credit monitoring service like LifeLock, myFICO, or Credit Sesame. These services can help keep an eye on new accounts created in your name and alert you if anything else suspicious happens.
Additionally, get a copy of your credit reports at AnnualCreditReport.com to check for past fraud. After all, the breach happened over a year ago, so fraudsters have had plenty of time to use the information. You can get a free copy of each credit report once a year through the website.
As with the Uber breach, there’s no way for you to protect yourself from data breaches. You can, however, remain vigilant about keeping hackers from using the information they get from data breaches to take advantage of you.