(Reuters) – Uber Technologies Inc [UBER.UL] failed to disclose a massive breach last year that exposed the data of some 57 million users of the ride-sharing service, the company’s new chief executive officer said on Tuesday.
Discovery of the company’s handling of the incident led to the departure of two employees who led Uber’s response to the incident, said Dara Khosrowshahi, who was named CEO in August following the departure of founder Travis Kalanick.
Khosrowshahi said he had only recently learned of the matter himself.
The company’s admission that it failed to disclose the breach comes as Uber is seeking to recover from a series of crises that culminated in the Kalanick’s ouster in June.
According to the company’s account, two individuals downloaded data from a third-party cloud server used by Uber, which contained names, email addresses and mobile phone numbers of some 57 million Uber users around the world. They also downloaded names and driver’s license numbers of some 600,000 of the company’s U.S. drivers, Khosrowshahi said in a blog post.
He said he had hired Matt Olsen, former general counsel of the U.S. National Security Agency, to help him figure out how to best guide and structure the company’s security teams and processes.
“None of this should have happened, and I will not make excuses for it,” Khosrowshahi said in the blog post.
“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” he said. “We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
(Corrects paragraph 1 to data instead of date)
Reporting by Jim Finkle in Toronto; Editing by Tom Brown