Uber details last year's data theft
Uber has revealed 1.2 million Australians’ personal information was compromised by a hack in 2016.
The ‘ride-sharing’ firm has made a disclosure to the Privacy Commissioner, detailing the local impacts of a broader breach that affected 57 million of its users and drivers worldwide.
The company has been criticised for making the disclosure in late November 2017, when it knew about the issue since it occurred in October 2016.
The attackers broke into the private Github repository of Uber software developers to access credentials located there, which were then used to access data stored on an Amazon Web Services server.
The two Uber staff who spearheaded the company’s response to the incident - chief security officer Joe Sullivan and a deputy – have since been let go.
Reports say Uber paid the attackers US$100,000 at the time to keep quiet and delete the stolen data.
The names, email addresses and mobile phone numbers of customers, as well as names and drivers licence numbers of drivers, were among the data stolen.
Uber said it told the Australian Privacy Commissioner that approximately 1.2 million Australian users were impacted by the breach.
The company will not individually notify the people whose data it allowed to be compromised.
Uber does not believe its users need to take any action, but said they could contact its help centre if they suspect any unusual behaviour as a result of their personal data being hacked.
“We are monitoring the affected accounts and have flagged them for additional fraud protection,” the company said.
Uber is “happy to answer any questions regulators may have”, a spokesperson said.
“We are committed to changing the way we do business, putting integrity at the core of every decision we make, and working hard to regain the trust of consumers.”