Uber is taking responsibility for a data breach in 2016 that exposed millions of its users to malicious hackers in an effort avoid prosecution.
Uber concealed breach
The concealed breach led to threat actors accessing and copying a trove of data “pertaining to approximately 57 million user records with 600,000 drivers’ license numbers” after using stolen credentials to access a private database.
“Uber Technologies has entered a non-prosecution agreement with federal prosecutors to resolve a criminal investigation into the coverup of a significant data breach suffered by the company,” said the DoJ, citing the FBI and US Attorney’s office that investigated the case.
New management didnt know
Uber didnt announce the incident to the Federal Trade Commission (FTC) for the first year, the point in which it was announced the company was under new management.
“Upon learning of the 2016 data breach, the new leadership team investigated and disclosed it to affected drivers, to the public, to law enforcement, and to foreign and domestic regulators, including state attorneys general and the FTC,” said the DoJ.
Filing a non-prosecution agreement on July 22 with the US Attorney’s office in northern California. Uber stated it admittance that its staff failed to report the breach when it occurred in November 2016, despite a pending investigation by the FTC into the controversial company.
Uber agrees to better measures
Confirming in October 2018, one year after finally admitting it, “Uber agreed to maintain a comprehensive privacy program for 20 years and to report to the FTC any incident reported to other government agencies relating to unauthorized intrusion into individuals’ consumer information.”
The agreement also claims that Uber “has invested substantial resources to significantly restructure and enhance the company’s compliance, legal, and security functions” since the incident.
Other issues
The US-based ride-hailing service platform has come under fire in recent years, and is banned in cities around the world amid claims it flouted local laws, duped police, and exploited violence against drivers.
Last weeks article is available here.
