"Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. Company paid hackers $100,000 to delete info, keep quiet... Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year... Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers were accessed as well, including some 600,000 U.S. driver’s license numbers... Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers $100,000 to delete the data and keep the breach quiet..." https://www.bloomberg.com/news/arti...rattack-that-exposed-57-million-people-s-data
"Hackers Are Using Uber’s 57 Million Account Data Breach to Steal Passwords... ...[H]ackers are capitalizing on that news by sending potential Uber users specially crafted emails designed to steal their password. 'Our deepest apologies,” reads an apparent phishing email, posted by IT trainer and consultant Dale Meredith to Twitter on Wednesday. 'You may have heard that Uber was compromised last year. We are sorry to inform you that your information was, unfortunately, confirmed to be part of the breach. Please click below to confirm you’ve received this message and change your password,' the email continues, complete with fairly convincing Uber branding spread throughout the message. The email itself comes from “noreply@uberapp.co,” according to Meredith’s screenshot, following a similar style of automated alert emails..." https://www.thedailybeast.com/hacke...illion-account-data-breach-to-steal-passwords
FTC tightens reins around Uber following 2016 breach https://arstechnica.com/information...tens-reins-around-uber-following-2016-breach/
Uber Slapped with £385K ICO Fine for Major Breach November 27, 2018 https://www.infosecurity-magazine.com/news/uber-slapped-with-385k-ico-fine/ "Monetary Penalty Notice" (PDF): https://ico.org.uk/media/action-weve-taken/mpns/2553890/uber-monetary-penalty-notice-26-november-2018.pdf
French data protection watchdog fines Uber $460,000 for data breach December 20, 2018 https://techcrunch.com/2018/12/20/french-data-protection-watchdog-fines-uber-460000-for-data-breach/
Colombia Orders Uber to Improve Data Security After 2016 Breach July 23, 2019 https://www.voanews.com/americas/colombia-orders-uber-improve-data-security-after-2016-breach
Former Uber security chief charged for allegedly covering up hack August 20, 2020 https://www.cnet.com/news/former-uber-security-chief-charged-for-allegedly-covering-up-hack/
"Uber admits covering up 2016 hacking, avoids prosecution Uber Technologies has accepted responsibility for covering up a 2016 data breach that affected 57 million passengers and drivers, as part of a settlement with US prosecutors to avoid criminal charges In entering a non-prosecution agreement, Uber admitted that its personnel failed to report the November 2016 hacking to the US Federal Trade Commission, even though the agency had been investigating the ride-sharing company's data security... ...the decision not to criminally charge Uber reflected new management's prompt investigation and disclosures, and Uber's 2018 agreement with the FTC to maintain a comprehensive privacy program for 20 years..." https://www.itnews.com.au/news/uber-admits-covering-up-2016-hacking-avoids-prosecution-583087
"Uber’s Former Security Chief Convicted of Data Hack Coverup Joe Sullivan found guilty by jury of concealing 2016 breach Joe Sullivan was found guilty in San Francisco federal court Wednesday by a jury which rejected his claim that other executives at the ride-hailing giant were aware of the 2016 hack and were responsible for it not being disclosed to regulators for more than a year..." https://www.bloomberg.com/news/arti...convicted-of-data-hack-coverup?srnd=code-wars