The New York Times reported that Uber fired it security officer after “two hackers stole data about the company’s riders and drivers — including phone numbers, email addresses and names — from a third-party server and then approached Uber and demanded $100,000 to delete their copy of the data.” The November 21, 2017 report entitled “Uber Hid 2016 Breach, Paying Hackers to Delete Stolen Data” included these details about how Uber reacted to the hackers:
The company tracked down the hackers and pushed them to sign nondisclosure agreements, according to the people familiar with the matter.
To further conceal the damage, Uber executives also made it appear as if the payout had been part of a “bug bounty” — a common practice among technology companies in which they pay hackers to attack their software to test for soft spots.
The fact that 48 states and 89 countries require breach reporting did not make it onto Uber’s radar which will surely be a problem as we watch this unfold.