Uber Mena in process of working with governments on data breach
The ride hailing app has come under fire for hiding a security breach in late 2016 that exposed data of 57 million people
The Middle East branch of Uber said that it was working with regional governments over the data breach which has compromised the personal information of 57 million people around the world.
"We are in the process of notifying various regulatory and government authorities and we expect to have ongoing discussions with them,” an Uber Middle East North Africa spokeswoman for told The National. “Until we complete that process we aren't in a position to get into any more details."
The ride hailing app company has come under fire for hiding the hack.
“None of this should have happened, and I will not make excuses for it,” the company’s new chief executive, Dara Khosrowshahi, wrote in a blog post.
Two individuals have been fired in the wake of the news reaching the public domain, effective immediately, according to Uber. In late-2016, two persons accessed Uber’s data that was stored on a third-party cloud-based service. The San Francisco company keeps data on millions riders and drivers in almost 80 countries.
“Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, social security numbers or dates of birth were downloaded,” said Mr Khosrowshahi. “However, the individuals were able to download files containing a significant amount of other information.”
This includes the names and driver’s license numbers of drivers as well as personal information of 57 million Uber users around the world. Uber said that at the time of the incident, immediate steps were taken to secure the data and shut down further unauthorised access by the responsible individuals.
Despite knowing of the breach, Uber failed to inform drivers or individuals. “We think this was wrong, which is why we are now taking the actions we've described. We have seen no evidence of fraud or misuse tied to the incident,” a company statement said.
Bloomberg reported that Uber instead paid the hackers US$100,000 to destroy the illegally-obtained data.
Mr Khosrowshahi joined as the chief executive in August after a heated row to oust co-founder Travis Kalanick. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” he said. “We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
This is reminiscent of the September hack on US credit monitoring company, Equifax. As one of three main credit scoring agencies in the US as well as international individuals with assets in the US were compromised adding up to hundreds of millions of people.
Equifax requires users to enter sensitive data, as do other tech-based firms such as Uber. Congressional hearings began last month over the Equifax breach with its former chief executive, Richard Smith, testifying as to the intricacies of the hack as well as explaining the company response.
Updated: November 22, 2017 06:31 PM