Uber's had a rough year so far, but it's getting worse: The company was embroiled in a hacking attempt in October 2016, which it tried to conceal by offering the hackers $100,000 instead of informing the necessary parties.
The hackers, who used Amazon Web Services login details that were on a private GitHub page, stole as many as 57 million customer details, including names, phone numbers, and email addresses; 600,000 driver license plate details were also stolen. However, more sensitive information, such as credit card details, social security numbers and birth dates had not been compromised, Uber officials said. Uber failed to notify both regulators and customers affected by the breach, instead paying the hackers $100,000 to delete the data and keep it quiet.
Uber had as many as 600,000 license plate details stolen in the attack. (Image: Simone Acquaroli, Unsplash)
In a blog post explaining the incident, CEO Dara Khosrowshahi said that "None of this should have happened, and I will not make excuses for it," and "We are changing the way we do business, putting integrity at the core of every decision we make." He also said that the two employees responsible for covering up the data breach were not with the company any more.
However, it has become increasingly clear that Khosrowshahi knew about the attack when he joined the company, and Uber knew who the attackers were, although that has not been disclosed.
Uber's brand was already suffering but this -- the cover-up, more than the fact it was compromised -- will severely dent its corporate image. The key lesson for companies from this debacle is that it's best to come clean and deal openly with such situations -- trying to do otherwise is costly, in so many ways.