About That Time Uber Paid Off Hackers to Conceal a Major Data Breach

The app is facing several potential class-action lawsuits

November 27, 2017 9:00 am

Uber just can’t seem to stay out of the news this year, thanks to … oh, a growing and damning number of reasons.

Now it’s been revealed the ride-sharing app paid hackers $100,000 to keep quiet about stealing the personal info of 57 million customers and drivers.

According to Uber, “two individuals outside the company” inappropriately accessed data that was stored on a cloud-based storage service in 2016 and obtained information including names, email addresses and mobile phone numbers. Instead of telling customers and drivers about the breach, Uber’s former chief security officer Joe Sullivan opted to pay the hackers $100k to delete the data and keep the incident quiet.

Uber disclosed the data breach last week and fired Sullivan and one of his deputies, but that response may be a day late and a dollar short as the ride-hailing service is currently being investigated by the Federal Trade Commission and the attorney generals of at least five states (Connecticut, Illinois, Missouri, Massachusetts and New York). Private plaintiffs have also filed three separate class-action lawsuits alleging that Uber was negligent in its protection of data.

“We’ve been in touch with several Attorney General Offices and the FTC to discuss this issue, and we stand ready to cooperate with them going forward,” an Uber spokesman told The Washington Post.

For more information about the hack — or to find some fodder for a lawsuit of your own —  from a rider perspective, here’s Uber’s blog post about it.

The InsideHook Newsletter.

News, advice and insights for the most interesting person in the room.