The men accused of hacking and extorting Uber and LinkedIn pleaded guilty in federal court last week. However, Uber is now being investigated for possibly covering up the incident and bribing the offenders to keep quiet.
The hackers stole over 57 million records of customers and drivers from Uber in 2016. They demanded a ransom from Uber, as well as LinkedIn.
U.S. Attorney David Anderson said Uber, however, did not report the hacking to the police right away. Instead, the company got involved.
“They went out and approached in the real world and actually met with these hackers, and at the time extracted from them written confidentiality agreements, which had the effect of turning the ransom into hush money,” said Anderson.
Uber paid the offenders $100,000, Anderson said. He considers that inappropriate.
“Companies that hold our personal information are the custodians of that information,” he said. “But it is still our information, and they have obligations to us to protect that information and to tell us if they have failed. “
Uber finally reported the hack in 2017 and settled a lawsuit over the incident last year. LinkedIn reported the hack immediately and never paid the hackers.