WASHINGTON (Reuters) – The two individuals behind the 2016 data breach at Uber Technologies Inc [UBER.UL] were found to be in Canada and Florida, an Uber cybersecurity executive told the U.S. Congress on Tuesday.
About 25 million users affected by the breach are users located in the United States, John Flynn, chief information security officer at Uber, said in written testimony to the Senate Commerce Committee. Uber announced the breach of 57 million worldwide users in November.
Of those impacted in the United States, 4.1 million were drivers, according to the testimony.
The testimony from Flynn is the most comprehensive public account to date of the Uber hack, the handling of which prompted newly appointed Uber Chief Executive Dara Khosrowshahi to fire two of the company’s top security officials.
Reuters reported in December that a 20-year-old man was primarily behind the massive data breach, and that he was paid by Uber to destroy the data through a so-called “bug bounty” program normally used to identify small code vulnerabilities.
Reporting by Dustin Volz; Editing by Richard Chang and Andrea Ricci