The real kicker is that Uber didn't disclose this breach at all.
The names and driver's license numbers for 600,000 Uber drivers in the USA were also stolen, Uber CEO Dara Khosrowshahi said in a statement.
The latest is a cyberattack Uber had been concealing since previous year that exposed personal data on 57 million customers and drivers globally.
The money-losing ride-hailing service is known for the tough stance it has taken against regulators as it seeks to aggressively expand and compete with existing taxi services. Around that same time, the company was in the midst of settling issues with both the NY attorney general and the FTC over the handling of the customer data.
Two members of the Uber information security team who "led the response" that included not alerting users about the data breach were let go from the San Francisco-based company effective Tuesday, according to Khosrowshahi.
A SECRET data hack affecting 57 million Uber customers and drivers has been exposed.
U.S. Representative Frank Pallone called for a Congressional hearing.
Britain's data protection authority said it would work with agencies in the United Kingdom and overseas to investigate the matter.
Should we all just assume our data is lost?
Under new data protection rules that come into force in the European Union next May, companies will have to identify and notify regulators of data breaches within 72 hours or face significantly increased penalties.
"Deliberately concealing breaches from regulators and citizens could attract higher fines for companies", Dipple-Johnstone said.
Data from 57 million users and drivers were compromised in a data breach incident Uber concealed for more than a year.
Kalanick, through a spokesman, declined to comment. "I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it", Khosrowshahi wrote in a blog post. In addition to its legal troubles, Uber has faced criticism for sexual harassment issues, underpaying and deceiving drivers, questioning a rape victim, and surge pricing during times of crisis.
Uber bad days will pass once the company take several precautionary measures. Uber is appealing the decision. Did Uber security have any monitoring in place to alert them when such vast amounts of data were accessed?
Jeremiah Grossman, chief of security strategy at security firm SentinelOne, says this was not a sophisticated hack.