Uber admits data breach cover up

Uber has admitted to covering up a 2016 data breach that saw millions of data records stolen. While the admission only came recently as part of a deal for Uber to avoid criminal prosecution in the United States, the company had already been fined by the Information Commissioner’s Office (ICO) and the Netherlands’ data watchdog on the back of this breach.

A press release from the United States Department of Justice (DoJ) said that Uber “admits that its personnel failed to report the November 2016 data breach to the Federal Trade Commission despite a pending FTC investigation into data security at the company.”

2016 hack saw millions compromised

Uber’s 2016 data breach saw the personal details of 57 million people stolen, including both drivers and customers. The stolen data, including full names, telephone numbers, email addresses and driving licence details, would be enough for criminals to commit identity theft or attempt other types of fraud.

Uber didn’t disclose this hack until the following year. Allegedly, then-CEO Travis Kalanick and Chief Security Officer Joe Sullivan paid the hackers $100,000 to delete the stolen data and not speak of it again.

When Dara Khosrowshahi replaced Kalanick as CEO in August 2017, he learned about the cover up and dismissed Sullivan before reporting the breach to the relevant authorities.

Sullivan has been charged with obstruction of justice for his part in the matter, and is due to stand trial in August 2022.

While confessing to the coverup is the main reason the DoJ has decided not to press charges against Uber, the company’s commitment to informing the Federal Trade Commission of all future data breaches and its payment of $148 million to settle claims tied to the 2016 breach also likely played a part in the decision.


Get in Touch

Fill in the form below to tell us your details, and we’ll get started.