Two hackers have pled guilty to stealing 57 million files containing customer and driver personal information from Uber, which company officials failed to report to police for almost a year.
Hackers Brandon Glover and Vasile Mereacre recently plead guilty to conspiracy to commit extortion charges for their roles in a 2016 data breach affecting Uber users and drivers. The two men hacked a third-party server to steal the personal information and demanded a $100,000 ransom to delete it.
Uber officials didn’t report the data breach to police but instead paid the ransom and then tracked Glover and Mereacre down. After the men allegedly admitted they were the hackers, company officials required them to sign non-disclosure agreements.
The data breach wasn’t reported to police until almost a year later, when new CEO Dara Khosrowshahi took the helm at Uber. Glover and Mereacre were eventually arrested and pled guilty to the hack this month. A third unnamed person is suspected of participating in the hack but remains at large.
From the data breach, Uber paid $148 million to the Federal Trade Commission to settle a national investigation into why the company failed to notify drivers for a year that their personal information had been compromised. The settlement was reached last year.
The same men also are suspected of hacking a LinkedIn-owned company, also in 2016, but LinkedIn officials refused to pay the ransom and instead reported the data breach to police.