Uber isn't saying how many Canadians were affected by year old hack

Andrew Cummings
November 23, 2017

Hackers stole the personal data of 57 million customers and drivers from Uber, a major breach that the company concealed for more than a year.

While in 2016 attackers were also able to access a private GitHub coding site used by Uber software engineers to grab login credentials and use those to access data stored on an Amazon Web Services account - where they unearthed an archive of rider and driver data.

Bloomberg reports that Kalanick paid the hackers $100,000 to delete the data it collected and then failed to warn potential victims. Attorneys general in at least four USA states, Connecticut, Illinois, Massachusetts and NY, said they had launched investigations into the breach.

With Uber's latest problems, it may become a whole lot tougher.

Discovery of the USA company's cover-up of the incident resulted in the firing of two employees responsible for its response to the hack, said Dara Khosrowshahi, who replaced co-founder Travis Kalanick as CEO in August.

That information included the names and license numbers of 600,000 drivers in the US, as well as the names, email addresses, and mobile phone numbers of 57 million Uber customers around the world.

Normally, in a situation like this, Uber would notify the public and law enforcement, however, they chose a different course.

The former Uber CEO, Kalacnik, learned about the data-leak in November 2016.

Earlier this year, credit reporting service Equifax waited several months before revealing this past September that hackers had stolen the Social Security numbers of 145 million Americans.

In a statement, Khosrowshahi said: "We have to be honest and transparent as we work to fix our past mistakes". "We are changing the way we do business".

Prior to this, Uber Philippines said in a statement it could not give further details on the data breach. The incident exposed the personal data (including names, emails, and phone numbers) of around 57 million Uber customers living in different countries.

Uber said it had fired its chief security officer, Joe Sullivan, and a deputy, Craig Clark, this week due to their role in the handling of the incident. "We have opened an investigation and we are collecting all the useful elements to assess the extent of the data breach and the actions to be taken to protect any Italian citizens involved". Clark could not immediately be reached for comment. The ride-sharing company now faces probes from multiple state attorneys general and regulators.

"Deliberately concealing breaches from regulators and citizens could attract higher fines for companies", James Dipple-Johnstone, deputy commissioner of the UK Information Commissioner's Office, said in an emailed statement. "We are working closely with other agencies including the NCA and ICO to investigate how this breach has affected people in the United Kingdom and advise on appropriate mitigation measures".

The revelation comes as Uber is negotiating with Japan's SoftBank for a $10bn investment. Riders can learn more here.

Other reports by iNewsToday