Uber Technologies Inc. revealed its enormous information breach to potential investor SoftBank Group Corp. before uncovering the details to the general population. The revelation came as SoftBank engages in due diligence on the ride-hailing organization before a potential investment, Uber explained in an email. SoftBank, which may invest as much as $10 billion into the organization, declined to comment.
“We informed SoftBank that we were investigating a data breach, consistent with our duty to disclose to a potential investor, even though our information at the time was preliminary and incomplete,” Uber said in the statement. “We also made clear that our forensic investigation was ongoing. Once our internal inquiry concluded and we had a more complete understanding of the facts, we disclosed to regulators and our customers in a very public way.”
On November 21, 2017, Uber recognized that personal data of around 57 million accounts was compromised in a hack that occurred in October 2016. The individual data of around 7 million drivers was compromised as well, including the license numbers of over 600,000 U.S. drivers.
Immediately in the wake of finding out about the occurrence of the information breach, the organization terminated its chief security officer Joe Sullivan and deputy security officer Craig Clark for covering up the episode which incorporated a $100,000 payment to the hackers.
Rajeev Misra, CEO of SoftBank’s $93 billion tech investment fund, told Bloomberg that the company can move back if Uber shareholders claim too much. “By no means is our investment decided. We are interested in Uber but the final deal will depend on the tender price and a minimum percentage shareholding for SoftBank”, he had said.
Saying that Uber will learn from its mistakes, Dara Khosrowshahi, the present Uber CEO revealed in a blog post that “the stolen information included names, email addresses and mobile phone numbers of Uber users around the world, and the names and license numbers of 600,000 U.S. drivers.”
Khosrowshahi said that his company has hired Mandiant, a cybersecurity firm owned by FireEye, to investigate the hacking incident.