The hits keep coming for Uber. CEO Dara Khosrowshahi confirmed Tuesday that, in late 2016, hackers stole the data of 57 million of the company's riders and drivers from around the world, including names, email addresses, phone numbers and driver's license numbers. Khosrowshahi also confirmed that the $70 billion ridehailing giant has kept the cyberattack quiet for more than a year, in violation of laws that regulate such breaches.
As a result, Uber has fired chief security officer Joe Sullivan and one of his employees, according to Bloomberg. Sullivan was in charge of the company's response when the attack took place. Former CEO Travis Kalanick reportedly learned about the hack roughly a month after it occurred.
The breach was reportedly discovered by a team hired by Uber to investigate Sullivan and the security department as a whole. The outside law firm in charge of the investigation found that two hackers broke into Uber's Amazon Web Services account to gain access to rider and driver data, then asked Uber for money to keep the information private. Uber reportedly paid the hackers $100,000 to delete the data and conceal the incident.
New York Attorney General Eric Schneiderman has begun investigating the cyberattack, per Bloomberg.
Uber has also run into previous trouble with data breaches. Last year, state authorities in New York reportedly fined the company for failing to disclose a 2014 cyberattack.
"None of this should have happened, and I will not make excuses for it," Khosrowshahi wrote in a statement. The former Expedia CEO became Uber's chief executive in September. "While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes."
A brief history of Uber's troubled year
News of the breach and cover-up comes near the end of a rollercoaster year for Uber.
The company has been the subject of several lawsuits, including a petition from Waymo alleging a former Uber employee stole trade secrets regarding self-driving technology and multiple claims from women who said they were assaulted by drivers. Uber has also become known for flying in the face of regulations. The US government has opened several criminal investigations into the ridehailing business, including a probe into the "Greyball" tool Uber purportedly used to evade authorities in regions where its platform wasn't approved. In London, meanwhile, authorities recently opted not to renew Uber's license to operate.
The investigation into the latest data breach isn't the first time this year Uber has hired an outside firm to conduct an investigation: In February, prompted by a blog post from a former employee alleging rampant sexual harassment, the company brought on former US Attorney General Eric Holder to lead an independent review of its work culture. In June, Uber released recommendations from that investigation and began overhauling its environment.
Khosrowshahi has been vocal about his commitment to turning around Uber's culture and improving conditions.
Uber is currently in talks to raise up to $10 billion from SoftBank, a deal that's been on shaky ground due to negotiations over the size of the investor's potential stake and worries about Kalanick's power over the board.