Information from 57 million Uber users’ accounts could be vulnerable from a 2016 hack into the ride-sharing app’s systems.
The news of the hack, which happened around a year ago, was released on Tuesday in a blog post from Uber’s CEO Dara Khosrowshahi.
But it took a year for the hack to be made public, something Khosrowshahi says is unacceptable.
“You may be asking why we are just talking about this now, a year later,” he wrote. “I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it.”
At the time, the affected drivers were not notified; neither were regulators or police. According to Bloomberg News, the company paid $100,000 to keep the information private.
Two people who worked on Uber’s response to the hack have been fired, Khosrowshahi said. The New York Times and Bloomberg identified the two as former Chief Security Officer Joe Sullivan and one of his deputies.
The information accessed included Uber riders’ email addresses, phone numbers and names, and the names and licence numbers of about 600,000 U.S. drivers. The company says riders don’t need to take action but drivers can check if they’ve been affected by reaching out to the company.
RELATED: Equifax reportedly knew for months about cyber-security vulnerability
Credit card information, along with social security numbers and dates of birth were still secure.
The data was accessed by “two individuals outside the company,” Khosrowshahi said.
In response to the incident, Uber will be contacting the affected drivers, and providing them with credit monitoring and identity theft protection.
Officials will also be monitoring both riders and drivers’ accounts for fraudulent activity.
Khosrowshahi said he has also hired a cyber security firm to access the company’s security teams and guide them going forward.
“None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” he wrote.
The hack and the cover-up is the latest scandal from Travis Kalanick’s time as CEO of Uber. Kalanick resigned after months of controversy, including company-wide sexual harassment complaints.