SAN FRANCISCO — Personal information of millions of Uber customers and drivers were stolen by hackers in 2016, in a breach that the company has kept secret for more than a year.
Bloomberg reports that In October 2016, two hackers gained access to a third-party cloud-based service used by Uber, and obtained information on 57 million of its users.
Compromised data from the attack included names, email addresses, phone numbers, as well as license numbers of around 600,000 U.S. drivers.
The company claims users' bank and credit card information, social security numbers, trip location history and dates of birth were not accessed.
The hackers reportedly emailed Uber asking for money, and were paid $100,000 to delete the stolen files and keep quiet about the breach.
News of the hack was not disclosed to either its users or any government agencies, despite a number of state and federal laws requiring the company to do so.
Uber's chief security officer and a senior lawyer have been sacked for their shady handling of the hack. The New York State Attorney General has also opened an investigation into the incident, according to USA Today.