The bad news: Uber suffered a major hack one year ago that exposed the accounts of 57 million customers and drivers. The worse news: The company decided to keep the breach a secret instead of informing victims, and it paid the hackers $100,000 to keep it under wraps, reports Bloomberg. Now the company, under new CEO Dara Khosrowshahi, is coming clean. “None of this should have happened, and I will not make excuses for it,” he said. “We are changing the way we do business.” Former CEO Travis Kalanick declined to comment. The company says the hackers got names, email addresses, phone numbers, and some drivers' license numbers, but no Social Security numbers or credit card information. Those affected will be notified.
As both Bloomberg and the Wall Street Journal note, the size of the hack is relatively small when compared to breaches at, say, Yahoo and Equifax, but it's the attempt at a cover-up that makes the Uber case especially troubling. Uber says it discovered the breach in November 2016 and immediately took steps to shore up security. It did not, however, alert authorities or victims. Nor will it identify the hackers now. The company has fired security chief Joe Sullivan and a deputy for their roles in the breach and its aftermath, and New York Attorney General Eric Schneiderman has launched an investigation into the hack, reports USA Today.