Uber fired its chief security officer and another employee this week following a huge data breach the ride-sharing company has been hiding for a year. Former head of security Joe Sullivan reportedly led the response to the hack, which happened when two attackers tapped Uber employees’ Github and Amazon Web Services information to steal a trove of rider and driver data. The company’s “solution” was not to report the breach properly and to give the hackers $100,000 purportedly in exchange for deleting the data.
How bad is it?
The hackers stole information about 57 million customers and drivers, including around 600,000 driver’s license numbers. The hacked data included names, email addresses and phone numbers, but Uber says the hack didn’t get Social Security numbers, credit cards or data about your location during trips.
Seems like a mess.
Uber has been here before. The company was hacked in 2014 and fined $20,000 for failing to disclose the security leak. While negotiating with the feds for a privacy settlement, Uber was simultaneously trying to pay $100K to hackers in exchange for deleting info about 57 million people.