Uber Paid Hackers To Keep Massive Breach Of Personal Data A Secret

Saturday, 25 Nov, 2017

US Senator Richard Blumenthal took to Twitter to call for the FTC to investigate Uber, describing the company's behavior as "inexplicable" and asking for the FTC to impose "significant penalties".

That pledge shouldn't excuse Uber's previous regime for its egregious behaviour, said Sam Curry, chief security officer for the computer security firm Cybereason.

Those processes will be particularly helpful to businesses in meeting new requirements on the notification of personal data breaches under the forthcoming General Data Protection Regulation (GDPR), she said. "Those people responsible for the integrity and confidentiality of the data in fact covered it up".

The Information Commissioner's Office (ICO) has confirmed that the data breach which was revealed by transport company Uber this week includes an as-yet undisclosed number of United Kingdom citizens, while further evidence emerges of the company's chief executive's prior knowledge of the attack. Some 600,000 U.S. driver's license numbers were also accessed.

Uber announced that it had got rid of its chief security officer as it confirmed his team had not informed victims but instead paid off hackers who breached the company's systems in October 2016.

The agency warned that Uber drivers and riders should "immediately change passwords" that were used for Uber. Ex-CEO and company founder, Travis Kalanick, reportedly learned about the breach a month after it took place, in November 2016.

Drivers have been offered free credit monitoring protection, but according to Uber's statement, affected customers will not be given the same. As a result of this discovery, the startup has ousted both Sullivan and Clark.

Beyond Healey's probe, attorneys general Eric Schneiderman of New York, Lisa Madigan of Illinois and George Jepsen of Connecticut are also looking into the matter.

Following Uber's announcement, NY Attorney General Eric Schneiderman launched an investigation into the hack while Uber was also hit with a lawsuit over the breach by a customer, seeking class-action status.

Personal details for some 57 million Uber customers and 600,000 drivers were stolen by hackers over a year ago, the company revealed yesterday.

In London, Britain's Deputy Information Commissioner James Dipple-Johnstone said Wednesday the company faces "higher fines" because it concealed the hack from the public.

Uber's silence about its breach came while it was negotiating with the Federal Trade Commission about its handling of its riders' information.

"We do not have sufficient confidence in the number that Uber has told us to go public on it, but we are working with the National Cyber Security Centre and the ICO to have more confidence in the figure", he said.

Tougher data protection regulations are being brought into force next year by the European Union, which will see companies required to introduce improved procedures, with bigger fines for breaches that lead to customer information being accessed.