- The Uber hack took place in October 2016.
- Hackers stole details belonging to 50 million riders and seven million drivers.
- The company announced on Wednesday that 2.7 million people were affected in the UK.
- Uber reportedly paid the hackers $US100,000 to delete the data they stole.
Uber has revealed that around 2.7 million people in the UK were affected by a 2016 data breach that it kept secret.
Hackers stole names, email addresses, and phone numbers of Uber’s riders and drivers in October 2016. Credit card numbers and dates of birth were not obtained, Uber said.
The San Francisco taxi app kept the breach a secret and paid the hackers $US100,000 (£75,000) to delete the data.
The hack affected 50 million riders and seven million drivers worldwide, according to Uber.
“In the United Kingdom this involved approximately 2.7m riders and drivers,” Uber wrote in a blog post on Wednesday.
“This is an approximation rather than an accurate and definitive count because sometimes the information we get through the app or our website that we use to assign a country code is not the same as the country where a person actually lives.”
Uber has around five million active users in the UK. The bulk of those, approximately 3.5 million, are in London, where Uber is currently fighting to get its operating licence renewed.
Mayor of London Sadiq Khan said in a statement: “This latest shocking development about Uber will alarm millions of Londoners whose personal data could have been stolen by criminals.
“Uber needs to urgently confirm which of their customers are affected, what is being done to ensure these customers don’t suffer adversely, and what action is being taken to prevent this happening again in the future.”
The Information Commissioner’s Office, the UK data regulator, also said it would “expect” Uber to alert those affected in the UK as soon as possible.
— ICO (@ICOnews) November 29, 2017
A spokesperson from the National Cyber Security Centre, a part of GCHQ, said: “People who are concerned should continue to be vigilant and follow the advice on the National Cyber Security Centre website.” The organisation also took the opportunity to remind companies that they should always report any cyber attacks to the NCSC immediately.”
Uber CEO Dara Khosrowshahi published a blog post about the incident last Tuesday that was updated again today. In it, he wrote:
“As Uber’s CEO, it’s my job to set our course for the future, which begins with building a company that every Uber employee, partner and customer can be proud of. For that to happen, we have to be honest and transparent as we work to repair our past mistakes.
“I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use. The incident did not breach our corporate systems or infrastructure.”
Business Insider Emails & Alerts
Site highlights each day to your inbox.