Uber has revealed that the personal data of 57 million users globally was exposed last year.
And it appears Australian drivers and passengers may have been caught up in the privacy breach, with Uber contacting unspecified local authorities.
“We are in the process of notifying various regulatory and government authorities and we expect to have ongoing discussions with them,” said an Uber spokesperson in regard to Australian users.
“Until we complete that process we aren’t in a position to get into any more details.”
The breach happened in October 2016 but the company only admitted to it on a blog post overnight.
“You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it,” said Uber chief executive Dara Khosrowshahi.
“None of this should have happened, and I will not make excuses for it.”
Khosrowshahi, who joined the company in September to take over from founder Travis Kalanick, said two staff members that led the incident response were terminated this week — reported by Bloomberg as chief security officer and former Facebook exec Joe Sullivan, and lawyer Craig Clark.
Bloomberg also reported that the two people responsible for the breach were paid off $US100,000 to delete the data, which included the names, email addresses and phone numbers of 50 million riders and 7 million drivers around the world.
Identity theft support was being provided to the 600,000 drivers in the US that had their licence numbers exposed, wrote Khosrowshahi.