A new report shows that the ride-sharing company Uber paid hackers to keep quiet after it was revealed that the personal information of 57 million users had been compromised in a 2016 cyberattack.
According to Bloomberg, 50 million riders and 7 million drivers had their personal information compromised in October 2016 including their names, email addresses, phone numbers, and some license numbers.
Uber told reporters that they believe none of the information was ever used and assured users that no credit card numbers or social security numbers were taken.
However, instead of reporting the cyberattack to U.S. regulators initially, Uber paid hackers $100,000 to keep quiet and delete the data they obtained.
Joe Sullivan, who was the company’s chief security officer, and senior lawyer Craig Clark, were involved with in the hack response and have been removed.
“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” CEO Dara Khosrowshahi said in a statement.
“We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed,” the statement adds. “We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”
Khosrowshahi assured users that they working to “learn from our mistakes.”
The massive breach is just the latest revelation in a string of cyberattacks against major companies such as Equifax.
