Uber paid off hackers who obtained data on 57 million customers and drivers around the world.
U.S. Representative Frank Pallone called on Wednesday for a hearing into Uber Technologies Inc's handling of a breach that exposed data about drivers and riders.
According to Khosrowshahi, forensics experts have not seen any evidence that of trip location history, credit numbers, bank account numbers, Social Security numbers, or dates of birth being compromised. Among those, the hackers stole 600,000 driver's license numbers of drivers for the company. It was also revealed that license numbers of drivers which were stolen will be offered free identity theft protection and credit monitoring.
"None of this should have happened, and I will not make excuses for it", he wrote. "While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes", Khosrowshahi reassured.
"We are investigating the breach", said Jepsen spokeswoman Jaclyn Severance.
Like this story? Share it!
The Uber chief said he only recently learned that outsiders had broken into a cloud-based server used by the company for data and downloaded a "significant" amount of information.
It's easy to look at the Uber data breach and its ensuing cover-up and localize it to Uber's rotten corporate culture.
The maximum penalty is 500,000 pounds under current British law for organisations that fail to notify affected users and regulators when data breaches occur.
In January, Uber agreed to pay $20 million to settle FTC charges it misled drivers about how much they could make using the platform.
State Attorneys General from NY and MA have opened investigations into the data breach.
The company demanded that the hackers sign nondisclosure agreements and then went on to disguise the payout fee as a 'bug bounty, ' The New York Times reports.
Khosrowshahi said the company fired two individuals who led security response.
Khosrowshahi made no mention of whether Uber riders whose information was hacked are being contacted.
Uber says they have assurance that the data was destroyed.
The hackers gained access of information that was stored on GitHub.
Hackers are known to take seemingly low-value information, such as email addresses, and build on them with what they can find or steal elsewhere to prey on victims, according to McAfee vice president of labs Vincent Weafer.