The global transportation company Uber has said that two hackers in October 2016 "inappropriately accessed" names, email addresses and phone numbers of 57 million customers and drivers. The breach also included the names and driver's license numbers of around 600,000 drivers in the US alone.
Uber CEO Dara Khosrowshahi broke the news in a blog post on Wednesday. The post stated that, in late 2016, two individuals from outside of the company accessed Uber's data.
"The incident did not breach our corporate systems or infrastructure. However, the individuals were able to download files containing a significant amount of other information," Khosrowshahi said in that statement, reported IANS.
Even though the company claims that 57 million customers and drivers are under the cyber threat, almost 500 million people from around the world, who have installed the Uber app are no longer safe.
"This information included names, email addresses and mobile phone numbers. Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded," Khosrowshahi said in his post.
"We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts," said the CEO.
"You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it," said Khosrowshahi.
Meanwhile Uber has started the process to secure its data and shut down further unauthorised access by the individuals. On the other hand, according to Forbes, to secure the data the San Francisco-based company had paid $100,000 to the hackers.
The company has asked the former general counsel of the National Security Agency (NSA) and director of the National Counterterrorism Centre, Matt Olsen to instruct them on how they could secure their own security system to avoid further breaches. However, the post did not specify any measures taken to safeguard on leaked users' data.
"Effective today, two of the individuals who led the response to this incident are no longer with the company. We are individually notifying the drivers whose driver's license numbers were downloaded. We are providing these drivers with free credit monitoring and identity theft protection," Khosrowshahi further added.
"While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection," he said.
"None of this should have happened, and I will not make excuses for it. While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes," the CEO concluded.