Two hackers accessed the personal information of 50 million Uber riders and 7 million Uber drivers in an October 2016 hack of the company, Bloomberg reported on Tuesday.
The data taken from Uber included email addresses and phone numbers of customers, along with the license plate numbers and contact information of a portion of the drivers. Uber claims that other data, such as social security numbers and credit card information, was untouched.
Uber fired chief security officer Joe Sullivan and one of his subordinates for participating in a cover up that involved paying the hackers $100,000 to stay quiet about the breach. The perpetrators, who had breached the company by using stolen login credentials from its programmers, also agreed to erase the info. According to state and federal laws, companies must disclose hacks that result in the exposure of personal data. Uber told Bloomberg it discovered the indiscretions after the board hired an outside law firm to investigate Sullivan.
CEO Dara Khosrowshahi also told Bloomberg, “None of this should have happened, and I will not make excuses for it. We are changing the way we do business.” Khosrowshahi’s predecessor, Travis Kalanick, was in charge at the time of the breach.
The company has faced a series of challenges in recent months, and Kalanick was forced out of his position as a result. They included sexual harassment problems that were exposed in a viral blog post by a former employee and a lawsuit filed by Google’s self-driving car division that alleged it Uber used confidential trade secrets.