Uber on Tuesday confirmed that it suffered a massive data breach and then paid the hackers $100,000 to delete the stolen information and also keep quiet about the breach.
Also Read: Personal information of 143 million US citizens exposed in Equifax Hack
The breach which occurred in October 2016, affected about 57 million customers and drivers. Information such as names, email addresses and mobile phone numbers related to accounts of people around the world, Uber told Bloomberg.
Uber said that the personal information of about 7 million drivers were also accessed in the breach, including some 600,000 US driver's license numbers. However, no Social Security numbers, credit card information, trip location details or any other data were accessed during the breach.
"None of this should have happened, and i will not make excuses for it," Uber's chief executive, Dara Khosrowshahi said in a statement. "While i can't erase the past, i can commit on behalf of every Uber employee that we will learn from our mistakes."
However, trouble seem to be brewing for Uber for the fact that they refused to disclose the breach to the affected people, instead opted to pay the hackers so as to keep their mouth shut.
Most states in the US have different laws regarding data breach, most of which require companies to notify customers in the case any of data breach. State like for California for example, under their law require companies to notify state residents of any breach of unencrypted personal information, and must inform the attorney general if more than 500 residents are affected by a single breach.
Uber has told its customers that theres no evidence that the leaked information were used for nefarious purposes.
"We do no believe any individual rider needs to take any action," Statement from the company read. "We have seen no evidence of fraud or misuse tied to the incident. We are monitoring the affected accounts and have flagged them for additional fraud protection."