Uber Technologies Inc. disclosed its massive data breach to prospective investor SoftBank Group Corp. before revealing the details to the public.
The disclosure came as SoftBank conducts due diligence on the ride-hailing company ahead of a potential investment, Uber said in an emailed statement. SoftBank, which may put as much as $10 billion into the company, declined to comment.
Uber faces investigation by regulators after disclosing earlier that it hid for more than a year the hacking of a vast amount of personal data from 57 million drivers and customers. The company ousted its chief security officer and one of his deputies for their roles in hiding the hacking, which included a $100,000 payment to the attackers.
“We informed SoftBank that we were investigating a data breach, consistent with our duty to disclose to a potential investor, even though our information at the time was preliminary and incomplete,” Uber said in the statement. “We also made clear that our forensic investigation was ongoing.”
Reuters reported Uber’s disclosure to SoftBank earlier.
Uber said that once its internal inquiry was concluded and it had a more complete understanding of the facts, the data breach was disclosed to regulators and customers.
The compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million riders around the world. The personal information of about 7 million drivers was accessed as well, including the license numbers of some 600,000 U.S. drivers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.