Uber CEO, Dara Khosrowshahi stated that the company has fired two of its citing them responsible for the cover up.
In a shocking revelation, Uber Technologies Inc on Tuesday admitted that the company paid hackers $100,000 to keep secret a major cyber security breach – which occurred in October last year. More than a year after the incident the transport service provider revealed that the breach had exposed the personal information of about 57 million accounts of Uber.
Uber CEO, Dara Khosrowshahi – who replaced co-founder Travis Kalanick earlier in August – stated that the company has fired two of its employees – chief security officer, Joe Sullivan, and a deputy, Craig Clark – citing them responsible for the cover up. Former top security official at Facebook Inc, Sullivan had served both as the security chief and deputy general of Uber.
Stating that he had learned about the incident only recently, Khosrowshahi said, “None of this should have happened, and I will not make excuses for it.”
The Uber CEO has also confirmed that in the last year’s security breach, several personal information of Uber users including names, email address and contact numbers – were stolen. The cyber security breach also leaked the names and license numbers of 600,000 drivers.
However, the company mentioned that there is no evidence of fraud as yet and also the drivers – whose information were stolen – would be getting free identity theft protection and credit monitoring.
“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers,” said Khosrowshahi.
Uber said that two hackers stole the company’s credentials by gaining access to the proprietary information stored on GitHub – a web-based Git version control repository hosting service. According to Uber, the hackers stole the company’s information for another cloud-service provider. Though, the GitHub has clarified that the breach was not because of a failure of GitHub.
According to a report by Reuters, a source with knowledge of the incident said that former Uber CEO Kalanick got to know about the incident after almost a month when the breach took place. However, sources have also confirmed that neither Kalanick nor Salle Yoo – the then general counsel – was involved in the cover-up.
The Federal Bureau of Investigations and other private security companies claimed that there are several companies like Uber – who pay criminal hackers to rescue stolen data.
Oren Falkowitz, co-founder of California-based cyber security company Area 1 Security said, “The economics of being a bad guy on the internet today are incredibly favorable.”