Uber Covered Up a Data Breach Affecting Over 57 Million Users

The ride-hailing platform also paid the hackers $100,000 to keep the incident under wraps.

Uber has finally admitted responsibility for hiding a data breach that exposed the information of 57 million passengers and drivers in 2016.

In the wake of Uber Files — a bombshell investigation that uncovered furtive information about the popular ride-sharing app — the company announced that it failed to report the cyberattack in a non-prosecution agreement with the US Department of Justice last week.

Despite Uber paying the hackers a $100,000 ransom to keep the data breach under wraps, U.S. attorneys have decided not to prosecute the company this time around. Here’s everything you need to know about the 2016 breach.

Uber Has Admitted to Hiding a 2016 Data Breach

In November 2016, Uber fell victim to a massive cyberattack that compromised the data of over 57 million customers and drivers.

Malicious actors were able to crack the company’s system by using stolen credentials. These authorizations then helped them to obtain an access key from a source code repository, granting them access to wide swathes of customer and driver data.

The hack exposed the private information of 600,000 US drivers and more than 50 million customers across the world. Examples of compromised data included full names, email addresses, phone numbers, and driver registrations.

Uber decided not to disclose information about the attack to the Federal Trade Commission (FTC) when it took place, despite a pending investigation into the company’s data security practices at the time. The ride-hailing app instead decided to pay its hackers a $100,000 ransom to delete the data and keep the breach secret.

“Uber admits that its personnel failed to report the November 2016 data breach to the FTC despite a pending FTC investigation into data security at the company,” – recent statement by the Justice Department

Uber finally reported the incident to government authorities a year later when the new CEO Dara Khosrowshahi first learned about the hack. Once details about the breach were made public, the company also paid $148 million to settle civil litigation and promised to report cyberattacks to the FTC in the future.

According to the ‘Uber Files’, a recent expose by the Guardian, Uber’s former CEO Travis Kalanick and Uber’s Chief Security Officer at the time Joe Sullivan were both complicit in the coverup. Here’s what else the Uber Files revealed about the company’s checkered history.

What Are the Uber Files?

The Uber Files is a four-month-long global investigation based on over 124,000 documents leaked by Uber’s European chief lobbyist.

The leaked records reveal some pretty shady truths about what was behind the company’s rapid expansion. For instance, they uncovered that the company has been hiding important information from authorities, secretly lobbying governments from around the world, and exploiting violence against drivers.

The findings that emerged from the Uber Files paint the company, particularly its former CEO Kalenick, in a very damming light. However, in a statement responding to the leak, the ride-hailing app explains that it has radically reformed its practices under its new chief executive, Dara Khosrowshahi.

How to Keep Your Data Safe From Breaches

Thankfully, a data breach of this magnitude is pretty rare. However, with the average American suffering seven data breaches since 2004, the chances of your private information being accessed by cybercriminals are still very high.

While there’s no way to completely evade breaches, we recommend using virtual private networks (VPNs) to keep yourself safe online. By encrypting your internet traffic and masking your identity, these browser extensions make it much harder for malicious actors to steal your data.

Alternatively, by using password managers to store of your credentials, you can form an extra layer of defense between you and lurking cyber threats. But the more strategies you use, the greater chance your data has of staying private. So for more information on how to improve your cybersecurity, read our top internet safety tips.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Isobel O'Sullivan (BSc) is a senior writer at Tech.co with over four years of experience covering business and technology news. Since studying Digital Anthropology at University College London (UCL), she’s been a regular contributor to Market Finance’s blog and has also worked as a freelance tech researcher. Isobel’s always up to date with the topics in employment and data security and has a specialist focus on POS and VoIP systems.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals