Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card information, trip location details or other data were taken. The company paid hackers $100,000 to delete the data.
“None of this should have happened, and I will not make excuses for it, We are changing the way we do business,” chief executive officer Dara Khosrowshahi said. New York Attorney General Eric Schneiderman launched an investigation into the hack. The company was also sued for negligence over the breach by a customer seeking class-action status. This week the company ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps. Uber said it will provide drivers whose licenses were compromised with free credit protection monitoring and identity theft protection. Uber passengers need not worry as there was no evidence of fraud.