Uber Hid 2016 Data Breach That Affected 57 Million Riders and Drivers

An Uber sign is seen in a car in New York on June 30, 2015. Eduardo Munoz / Reuters file

The personal information of 57 million Uber riders and drivers was stolen by hackers a year ago — a breach the company reportedly managed to conceal by paying the cyber criminals to destroy the information.

The cyberattack included 50 million Uber riders globally and 7 million drivers in the U.S. The stolen information was mostly limited to names, email addresses and phone numbers, according to a blog post from Uber CEO Dara Khosrowshahi.

However, the driver’s license numbers of 600,000 drivers in the United States were also compromised and Uber is now in the process of sending notifications to those drivers and regulatory authorities.

Forty million riders use Uber every month.

The existence of the breach was kept under wraps for a year and was first reported on Tuesday by Bloomberg.

While Khosrowshahi’s blog post does not mention Uber paying off the hackers to destroy the information, the company confirmed to NBC News that it paid two hackers $100,000 as a result of the incident.

Hackers were apparently able to access the user data late last year through a third-party cloud based service used by Uber. When the incident was discovered, Uber’s security team was able to cut off the hackers’ access and was able to identify them and receive “assurances that the downloaded data had been destroyed,” according to Khosrowshahi.

Click here to read more.

SOURCE: NBC News, Alyssa Newcomb