Uber hid data breach that exposed info for 57 million users

Pat Wise
November 28, 2017

However, Khosrowshahi isn't about to defend his company's past behavior.

The large-scale global hack was confirmed by Uber CEO Dara Khosrowshahi in a blog post following a report by Bloomberg.

Several US senators are troubled with Uber's belated reporting of a 2016 data breach and demanding answers. It says there's no evidence the data was misused.

"I$3 n late 2016 we [Uber] became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use". That information included names, email addresses and mobile phone numbers, the company said.

"The company maintains that its outside forensic experts have not seen any indication that customer trip location history, credit card numbers, bank account numbers, Social Security numbers, or dates of birth were downloaded". It's not been disclosed whether the culprits were employed by the cloud provider that was apparently hacked.

Both letters include a list of questions, including whether the company sought to deliberately cover up the breach, if so why, and who authorized the $100,000 payment to the hackers. Regulators from around the globe including the U.S., EU, Mexico, Canada, Australia, and the Philippines are investigating the theft.

Tufts postpones event with Anthony Scaramucci after he threatens to sue student
Caballero wrote another op-ed on November 13 in which he said the school's administration " fell into Scaramucci's trap ". "Especially since Mr.

Grandma, teen from accidental Thanksgiving dinner text get together again this year
We got to laugh about previous year and reminisce about how it all blew up on our phone and how I had to change my number. After the mixup was discovered, Hinton joked about whether he can still get a plate of food, despite the wrong number.

Trump and Time magazine dispute Person of the Year plans
US President Donald Trump frequently brags about his cover appearances in the iconic magazine. Saturday's Time magazine tweet served to cement his meme-premacy.

The company is also under investigation by the Fair Work Ombudsman over the classification and treatment of its drivers.

So far, three putative class action lawsuits have been filed in California and OR alleging that Uber failed to protect consumer data. In some states, public notification is required within 30 days of when the company learns of the breach and may even require the company to notify the media when a considerable number of consumers are impacted.

Uber reached a consent decree with the Federal Trade Commission last August over privacy and data security practices, which the senators are concerned it may have breached, at least in spirit.

Beyond that, it is unknown how much additional personal information was also accessed. While the company was negotiating the bribe with the hackers, it was also in discussions with USA regulators over a separate privacy violation, and the company was also fined $20,000 a year ago for failing to disclose a smaller data breach that took place in 2014.

The incident, which occurred more than a year ago and was kept under wraps, has raised concerns about what a responsible disclosure should look like in the wake of a major security breach. It's unclear whether this news will trigger a renegotiation of the deal terms.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER