Uber's massive hack: What we know

Uber's massive hack: What we know

Furthermore, it contained personal information of 57 million Uber users, including names, email addresses, and phone numbers.

As the United Kingdom data protection regulator has opened an investigation into the hack of customer and driver data at Uber, the maximum penalty could be about £500,000 ($662,350, €563,000) under current British law for organizations that fail to notify affected users and regulators when data breaches occur.

Two hackers penetrated GitHub which is a private site used by Uber software engineers to obtain access to login credentials that were used to access an separate cloud-services provider.

No Social Security numbers, credit card numbers, bank account numbers, birth dates or trip location data was taken, Uber said. Among those, the hackers stole 600,000 driver's license numbers of drivers for the company.

These drivers have been notified and Uber is providing these drivers with free credit monitoring and identity theft protection.

"I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it", he said.

Khosrowshahi also said that he can't erase the past but the company will learn from its mistakes.

"We do not believe any individual rider needs to take any action, " the company said in its statement.

Like this story? Share it!

This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.

This is the second time the company is known to have failed to report a significant breach, having been fined $20,000 in January 2017 for failing to disclose a considerably less serious breach in 2014, as reported by the BBC.

Uber would not confirm it paid this ransom.

Earlier in 2016, the company reached a settlement with the NY attorney general requiring it to take steps to be more vigilant about protecting the information that its app stores about its riders.

The company has not yet revealed where in the world these users and drivers were.

The hackers gained access of information that was stored on GitHub.

They did not say, however, how hackers assured the company the stolen data was destroyed. The hack introduces an unexpected factor in negotiations between SoftBank Group Corp. and Uber shareholders over a planned investment of as much as $10 billion, a deal Khosrowshahi has been championing. The company tracked down the hackers and pushed them to sign nondisclosure agreements, according to the people familiar with the matter.