Nov. 22 (UPI) — Uber revealed Tuesday that hackers accessed the ride-hailing company’s database and stole the personal information of 57 million customers and drivers one year ago.
The breached exposed the names, email addresses and phone numbers of users around the world, including the driver’s license numbers of about 7 million drivers, 600,000 of which were in the United States.
The information was accessed through a third-party cloud-based service Uber uses. The company said no Social Security numbers, credit card numbers, bank account numbers, birth dates or trip location data was taken.
CEO Dara Khosrowshahi said the company “took immediate steps” to shut down the unauthorized access and destroyed downloaded data.
Bloomberg reported that Uber paid hackers $100,000 to delete the downloaded data and keep the data breach secret.
Though the breach happened in late 2016, Uber first reported the incident nearly one year after it took place.
“You may be asking why we are just talking about this now, a year later,” Khosrowshahi said in a post on the company’s website. “I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it.”
The company fired Joe Sullivan, chief security officer, and one other employee involved in the aftermath of the data breach.
“None of this should have happened, and I will not make excuses for it. We are changing the way we do business,” Khosrowshahi said.
Uber doesn’t believe any of the information was used fraudulently, but said it was monitoring the affected accounts. The company suggested that those affected monitor their credit reports and accounts.