Company admits it hid hack from users and regulators for over a year.
In October of last year, hackers breached Uber’s system and were able to access the names, phone numbers and email addresses of millions of users. Hackers were also able to steal the driver’s license numbers of roughly 600,000 Uber drivers in the United States. No credit card numbers were collected, Uber said.
The breach was never revealed to Uber users, drivers or government authorities because the company reportedly paid hackers $100,000 to delete the stolen data, according to statements from Uber CEO Dara Khosrowshahi to Bloomberg.
The cover-up of the hack is the latest scandal for Uber, which brought on Khosrowshahi to lead the company earlier this year. However, it appears the company is still haunted by past misdeeds even with Khosrowshahi in charge.
This week, chief security officer Joe Sullivan, hired in 2015, was fired once Khosrowshahi learned of the payment to hackers.
In a statement released by Uber, Khosrowshahi apologized for the bad behavior. He said the company is contacting each individual driver impacted by the hack and offering them free credit monitoring services.
“None of this should have happened, and I will not make excuses for it,” he wrote. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
The company also noted that it had not seen any evidence of fraud related to the breach, the largest in Uber’s history. Khosrowshahi committed to working with regulatory authorities as the company continues to monitor the situation.