The new CEO of Uber, Dara Khosrowshahi, revealed on Tuesday evening that the ride-sharing giant had been the victim of a data breach in 2016.
Two hackers were able to break into a company providing cloud-based storage for Uber, stealing personal information of 57 million Uber users around the world.
What was taken?
Uber says the 57 million people affected had information including their names, email addresses and cellphone numbers compromised.
A further 600,000 Uber drivers in the United States had their names and driver's license numbers stolen.
Uber says there's no indication the breach compromised any trip location history, bank or credit card numbers, Social Security numbers, or dates of birth of riders.
But wait, it gets worse
At the time of the incident, Uber said it took steps to secure the data and shut down further access, identifying the people responsible and "obtained assurances that the downloaded data had been destroyed."
By "obtained assurances," Bloomberg reports this means Uber paid these hackers $100,000 not only to delete the data, but also to keep the hack secret for the past year.
Two staff members, including its chief security officer, has been fired for keeping the hack under wraps.
How will I know if I'm affected?
Although Uber said it believes the information was never used, it is still offering free credit monitoring to the 600,000 people whose driver's licenses were compromised, which could put them at greater risk of identity theft.
These people can expect to be contacted by Uber informing them their information was compromised in later weeks. They can find more information hereabout what to do next.
As for the 57 million riders whose data was accessed, Uber says it has "seen no evidence of fraud or misuse tied to the incident."
It says it's monitoring their accounts and "flagged them for additional fraud" protection but right now riders are advised to monitor their credit, banking and Uber accounts for any suspicious activity.
However, the New York Times reports the cover-up shows "the extent to which Uber executives were willing to go" to protect the company's reputation at a time where it's been under the microscope for its data privacy practices.
As well as paying the $100,000 "ransom" to the hackers, they even went as far as making them sign nondisclosure agreements to keep it secret, the newspaper notes.
Amid the aforementioned data privacy concerns, it will be quite the road back for Uber to regain the trust of its riders and drivers, something Khosrowshahi acknowledges in his statement.