This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.theguardian.com/technology/2017/nov/22/uber-scrutiny-data-breach-hacking
The article has changed 6 times. There is an RSS feed of changes available.
| Version 3 | Version 4 |
|---|---|
| Uber faces slew of investigations in wake of 'outrageous' data hack cover-up | Uber faces slew of investigations in wake of 'outrageous' data hack cover-up |
| (2 months later) | |
| US, UK, Australia and Philippines to investigate hack that affected 57m people | |
| Global nature of breach exposes Uber to potential liability in many regions | |
| Julia Carrie Wong in San Francisco | |
| Wed 22 Nov 2017 21.40 GMT | |
| Last modified on Thu 23 Nov 2017 08.49 GMT | |
| Share on Facebook | |
| Share on Twitter | |
| Share via Email | |
| View more sharing options | |
| Share on LinkedIn | |
| Share on Pinterest | |
| Share on Google+ | |
| Share on WhatsApp | |
| Share on Messenger | |
| Close | |
| Uber is facing government scrutiny around the world in the wake of its admission it concealed a massive data breach affecting 57 million drivers and passengers. | Uber is facing government scrutiny around the world in the wake of its admission it concealed a massive data breach affecting 57 million drivers and passengers. |
| The $68bn ride-hailing company acknowledged Tuesday that hackers had stolen the personal information in October 2016, and that Uber had paid them $100,000 to destroy the information and keep the breach quiet. | The $68bn ride-hailing company acknowledged Tuesday that hackers had stolen the personal information in October 2016, and that Uber had paid them $100,000 to destroy the information and keep the breach quiet. |
| The global nature of the breach exposes Uber to potential liability in numerous jurisdictions. Many countries and US states have laws requiring companies to inform individuals if their personal information has been compromised. | The global nature of the breach exposes Uber to potential liability in numerous jurisdictions. Many countries and US states have laws requiring companies to inform individuals if their personal information has been compromised. |
| “Uber has made Equifax’s response to the data breach look very good, which is really saying something,” said Gus Hurwitz, co-director of the University of Nebraska college of law’s space, cyber and telecom law program. He was referring to a breach this year of the credit monitoring agency Equifax in which the social security numbers of 143 million Americans were exposed. | “Uber has made Equifax’s response to the data breach look very good, which is really saying something,” said Gus Hurwitz, co-director of the University of Nebraska college of law’s space, cyber and telecom law program. He was referring to a breach this year of the credit monitoring agency Equifax in which the social security numbers of 143 million Americans were exposed. |
| Authorities in the United States, United Kingdom, Australia, and the Philippines said on Wednesday they were launching investigations. | Authorities in the United States, United Kingdom, Australia, and the Philippines said on Wednesday they were launching investigations. |
| “Uber’s announcement about a concealed data breach last October raises huge concerns around its data protection policies and ethics,” James Dipple-Johnstone of the UK’s information commissioner’s office, said in a statement. “Deliberately concealing breaches from regulators and citizens could attract higher fines for companies.” | “Uber’s announcement about a concealed data breach last October raises huge concerns around its data protection policies and ethics,” James Dipple-Johnstone of the UK’s information commissioner’s office, said in a statement. “Deliberately concealing breaches from regulators and citizens could attract higher fines for companies.” |
| Raymund Enriquez Liboro, the privacy commissioner of the Philippines, said in a statement that the commission had “summoned” Uber to a meeting on 23 November to “shed more light about the incident” and to comply with its data privacy laws. | Raymund Enriquez Liboro, the privacy commissioner of the Philippines, said in a statement that the commission had “summoned” Uber to a meeting on 23 November to “shed more light about the incident” and to comply with its data privacy laws. |
| A spokesperson for the US federal trade commission [FTC], which has broad authority to take action against companies engaging in deceptive or unfair practices, said the commission was “closely evaluating the serious issues raised” by the breach and Uber’s failure to disclose it. | A spokesperson for the US federal trade commission [FTC], which has broad authority to take action against companies engaging in deceptive or unfair practices, said the commission was “closely evaluating the serious issues raised” by the breach and Uber’s failure to disclose it. |
| Democratic senator Richard Blumenthal called for the FTC to “take swift enforcement action and impose significant penalties” on Uber in a series of tweets. Blumenthal also called for a Senate hearing “to demand Uber explain their outrageous breach – and inexplicable delay in informing its consumers and drivers”. | Democratic senator Richard Blumenthal called for the FTC to “take swift enforcement action and impose significant penalties” on Uber in a series of tweets. Blumenthal also called for a Senate hearing “to demand Uber explain their outrageous breach – and inexplicable delay in informing its consumers and drivers”. |
| Uber reached a settlement with the FTC over privacy and data security issues in August. Hurwitz said that the FTC will likely now investigate both the 2016 breach itself and whether Uber violated its consent decree or withheld information from the FTC – which could result in fines. | Uber reached a settlement with the FTC over privacy and data security issues in August. Hurwitz said that the FTC will likely now investigate both the 2016 breach itself and whether Uber violated its consent decree or withheld information from the FTC – which could result in fines. |
| State attorneys general in New York, Illinois, Connecticut and Massachusetts confirmed that they were launching investigations. Forty-eight US states have some version of laws requiring companies to notify individuals of security breaches. | State attorneys general in New York, Illinois, Connecticut and Massachusetts confirmed that they were launching investigations. Forty-eight US states have some version of laws requiring companies to notify individuals of security breaches. |
| “Failure to notify can subject Uber to substantial monetary damages, especially if it was intentional,” said Hurwitz. “Generally, it’s a fine per record. You can see how those numbers get very large very quickly.” | “Failure to notify can subject Uber to substantial monetary damages, especially if it was intentional,” said Hurwitz. “Generally, it’s a fine per record. You can see how those numbers get very large very quickly.” |
| “We’ve been in touch with several state attorney general ffices and the FTC to discuss this issue, and we stand ready to cooperate with them,” an Uber spokesperson said. | “We’ve been in touch with several state attorney general ffices and the FTC to discuss this issue, and we stand ready to cooperate with them,” an Uber spokesperson said. |
| Uber has not responded to numerous queries from the Guardian seeking information on the number of countries whose residents were affected by the hack. | Uber has not responded to numerous queries from the Guardian seeking information on the number of countries whose residents were affected by the hack. |
| This latest scandal caps – unless something else arises before 31 Decemeber – a troubled year for Uber; 2017 started with the viral #deleteuber movement and continued apace with the Greyball revelation, Susan Fowler’s sexual harassment memo, and Travis Kalanick’s ousting from the company he built. | This latest scandal caps – unless something else arises before 31 Decemeber – a troubled year for Uber; 2017 started with the viral #deleteuber movement and continued apace with the Greyball revelation, Susan Fowler’s sexual harassment memo, and Travis Kalanick’s ousting from the company he built. |
| Uber’s decision to lift surge pricing during a New York taxi drivers’ work stoppage in protest of the Trump travel ban prompts a viral #DeleteUber campaign. | Uber’s decision to lift surge pricing during a New York taxi drivers’ work stoppage in protest of the Trump travel ban prompts a viral #DeleteUber campaign. |
| Former Uber engineer Susan Fowler publishes a blog post with allegations of widespread sexual harassment and gender discrimination. | Former Uber engineer Susan Fowler publishes a blog post with allegations of widespread sexual harassment and gender discrimination. |
| The New York Times exposes Uber’s use of Greyball, a tool to systematically deceive authorities in cities where Uber was violating local laws. | The New York Times exposes Uber’s use of Greyball, a tool to systematically deceive authorities in cities where Uber was violating local laws. |
| Uber admits it has for years been underpaying New York City drivers by tens of millions of dollars. | Uber admits it has for years been underpaying New York City drivers by tens of millions of dollars. |
| Uber fires 20 employees following the conclusion of an investigation into sexual harassment and workplace culture. | Uber fires 20 employees following the conclusion of an investigation into sexual harassment and workplace culture. |
| Uber is sued by an Indian passenger who was raped by an Uber driver after reports reveal that a top executive had obtained the woman’s medical records, allegedly in order to cast doubt upon her account. | Uber is sued by an Indian passenger who was raped by an Uber driver after reports reveal that a top executive had obtained the woman’s medical records, allegedly in order to cast doubt upon her account. |
| CEO Travis Kalanick resigns. | CEO Travis Kalanick resigns. |
| The Wall Street Journal reports that Uber had rented fire-prone cars to drivers in Singapore, despite knowing that the vehicles had been recalled over serious safety concerns. | The Wall Street Journal reports that Uber had rented fire-prone cars to drivers in Singapore, despite knowing that the vehicles had been recalled over serious safety concerns. |
| Uber loses its license to operate in London due to a lack of corporate responsibility. The company is appealing the decision. | Uber loses its license to operate in London due to a lack of corporate responsibility. The company is appealing the decision. |
| Uber admits concealing a 2016 breach that exposed the data of 57 million Uber customers and drivers, failing to disclose the hack to regulators or affected individuals. The company paid a $100,000 ransom to the hackers to destroy the information and keep the breach quiet. | Uber admits concealing a 2016 breach that exposed the data of 57 million Uber customers and drivers, failing to disclose the hack to regulators or affected individuals. The company paid a $100,000 ransom to the hackers to destroy the information and keep the breach quiet. |
| Uber fired chief security officer Joe Sullivan and one of his deputies over their handling of the breach. Sullivan is a former federal prosecutor who joined Uber after serving as chief security officer for Facebook. | Uber fired chief security officer Joe Sullivan and one of his deputies over their handling of the breach. Sullivan is a former federal prosecutor who joined Uber after serving as chief security officer for Facebook. |
| Hurwitz and other legal experts warned that Sullivan might face ethical inquiries from whichever state bars he belongs to. Sullivan could not immediately be reached for comment. | Hurwitz and other legal experts warned that Sullivan might face ethical inquiries from whichever state bars he belongs to. Sullivan could not immediately be reached for comment. |
| “None of this should have happened, and I will not make excuses for it,” Uber chief executive Dara Khosrowshahi said in a statement Tuesday. | “None of this should have happened, and I will not make excuses for it,” Uber chief executive Dara Khosrowshahi said in a statement Tuesday. |
| The company will also likely face lawsuits by customers and drivers whose personal information was compromised by the breach. A class action complaint was filed in federal court in Los Angeles on Tuesday, within hours of the breach’s disclosures. | The company will also likely face lawsuits by customers and drivers whose personal information was compromised by the breach. A class action complaint was filed in federal court in Los Angeles on Tuesday, within hours of the breach’s disclosures. |
| US courts are divided over how to handle class action suits involving data breach suits. Some courts allow any individual whose personal information was leaked to join suits, while others require plaintiffs to show that they actually suffered harm from the breach. | US courts are divided over how to handle class action suits involving data breach suits. Some courts allow any individual whose personal information was leaked to join suits, while others require plaintiffs to show that they actually suffered harm from the breach. |
| Either way, Hurwitz said, “You can be certain that litigation is coming.” | Either way, Hurwitz said, “You can be certain that litigation is coming.” |
| Uber | |
| Hacking | |
| news | |
| Share on Facebook | |
| Share on Twitter | |
| Share via Email | |
| Share on LinkedIn | |
| Share on Pinterest | |
| Share on Google+ | |
| Share on WhatsApp | |
| Share on Messenger | |
| Reuse this content |