Uber may soon be under investigation by the Federal Trade Commission for its failure to tell tens of millions of customers their information was hacked.
The personal data of 57 million customers and drivers was stolen from the high tech ride-hailing firm in late 2016 and, rather than come clean, the company opted to offer $100,000 in hush money to the hackers responsible in a bid to keep them quiet about the theft.
The company this week announced the breach publicly — more than a year later. It also informed potential investor Softbank about the breach before informing its customers. Softbank is interested in investing $10 billion in the company, making the disclosure necessary.
The hackers made off with the names and driver’s license numbers of roughly 600,000 drivers in the U.S. as well as the names, e-mail addresses and mobile phone numbers of users across the globe. An investigation revealed that credit card numbers, bank account numbers and Social Security numbers were not accessed.
New CEO Dara Khosrowshahi said the firm’s chief security officer and one of his aids has been fired for their role in the cover-up.
“I’ve asked Matt Olsen, a co-founder of a cyber-security consulting firm and former general counsel of the National Security Agency and director of the National Counterterrorism Center, to help me think through how best to guide and structure our security teams and processes going forward,” Khosrowshahi said in a blog post.
“Effective today, two of the individuals who led the response to this incident are no longer with the company.”
Aside from customer backlash, Uber may also find itself in hot water with the FTC.
The agency told Reuters it is “aware of press reports describing a breach in late 2016 at Uber and Uber officials’ actions after that breach. We are closely evaluating the serious issues raised.”
Khosrowshahi said Uber is in the process of contacting the drivers whose driver’s license numbers were downloaded and will offer all of those impacted free credit monitoring and identity theft protection.
“None of this should have happened, and I will not make excuses for it,” he said. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
Khosrowshahi, who came on board with Uber in September, replaced Travis Kalanick. Kalanick was forced to resign in June amid shareholder pressure.
Kalanick’s leadership of Uber had been under question since the beginning of the year, during which time the company faced sexism allegations and issues with disgruntled drivers. Uber was also accused of stealing trade secrets from Alpahbet’s self-driving vehicle division, Waymo, and was slapped with a $20-million fine by the FTC.
Uber’s popularity took a hit over Kalanick’s involvement in President Donald Trump’s economic advisory council. Kalanick’s failure to immediately condemn an order signed by Trump back in January that suspended immigration to the United Sates from Muslim countries led to public outrage. A #DeleteUber campaign was started via social media and, although Kalanick did resign from the advisory council, it was not before losing some 200,000 customers.
It has been a rough year for Uber and, with the fallout from the hack and a possible FTC investigating looming, it doesn’t look like the firm will end the year any better than it started.