RECENTLY APPOINTED Uber CEO Dara Khosrowshahi allegedly knew about the mega-hack on the firm 'months' before it was revealed to the public.
Uber recently confirmed that it had suffered a catastrophic hack affecting around 57 million of its users globally, with reports having claimed that the breach hidden under the leadership of now-ousted CEO Travis Kalanick.
It wasn't just Kalanick that knew about the breach, according to a report published by the Wall Street Journal which claims that it took a while for the company's management team to decide to make the news public and inform affected users.
It states that recently appointed CEO Dara Khosrowshahi was told about the hack two weeks after he took the job on 5 September and adds that he opted to keep it a secret for more than two months.
Of course, it's in the public's interest to learn about such hacks. But due to a range of internal problems, the company allegedly decided to keep the news under wraps.
What is known for sure is that Khorowashahi did order the subsequent internal investigation. As soon as he found out about the news, he wanted to learn about how the hack happened and how many people had been affected.
Uber's own security teams, and their specialist digital forensics firm Mandiant wanted to find out how the hackers were able to compromise company systems and get access to customer data.
They also wanted to fire the executives responsible for covering up the attack. According to the report, the company told future investor SoftBank only three weeks before the WSJ report hit the web.
The researchers weren't able to inform the company about how many people fell victim to the attack. In fact, they've only just discovered this information.
In a statement, the company explained that it had a "duty to disclose to a potential investor" and had already unveiled the hack in a "very public way" following the investigation.
Last week, the UK's Information Commissioner's Office (ICO) confirmed it's looking into the breach, although the number of UK-based users affected still remains unknown.
In a statement given to the INQUIRER, the ICO said: "It's always the company's responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers. If UK citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed.
"We'll be working with the NCSC plus other relevant authorities in the UK and overseas to determine the scale of the breach, how it has affected people in the UK and what steps need to be taken by the firm to ensure it fully complies with its data protection obligations." µ
C3-PO, R2-D2, BB-8 and other Androids
Helpful cyber vigilante gets short changed by customer services
...you know, now it's less confusing...
Firm will no longer provide updates for its first Android mobe