New York Attorney General Launches Uber Investigation over Hacking Cover-Up

New York Attorney General Launches Uber Investigation over Hacking Cover-Up

A pair of hackers discovered the archive of 57 million Uber riders and drivers and stole names, email addresses, phone numbers as well as driver's license numbers of 600,000 Uber drivers.

It is the latest disclosure of a major breach involving a prominent company.

The Uber CEO said that he only recently learned that outsiders had broken into a cloud-based server used by the company for data and downloaded a "significant" amount of information.

"While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes", Khosrowshahi wrote. "We are changing the way we do business".

Finally telling Uber users about the hack in a blog post yesterday, the company's CEO Dara Khosrowshahi gave a vague outline as to how the tech startup dealt with the hackers.

More news: Christmas tree shortage may lead to higher prices this year

United Kingdom authorities were unaware of a mass data breach at Uber that potentially put British customers' personal details into the hands of cyber criminals.

Uber waited until Tuesday to begin notifying the drivers with compromised driver's licenses, which can be particularly useful for perpetrating identify theft.

Under new data protection rules that come into force in the European Union next May, companies will have to identify and notify regulators of data breaches within 72 hours or face significantly increased penalties.

The massive breach took place in 2016, and the ride-sharing company tried to cover it up for more than a year, paying the hackers to delete the stolen data.

In September, the agency revealed its EDGAR system, a platform that pools financial reports on publicly traded companies, has been breached in 2016.

More news: The explosion at a mosque in Nigeria killed 30 people

"If U.K. citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed", said James Dipple-Johnstone of the U.K. Information Commissioner's Office.

So far, Uber says there's no evidence that the data taken has been misused.

Uber's payoff to prevent hackers from leaking the stolen data is more similar to recent extortion attempts on Netflix and HBO than ransomware campaigns.

Uber also fired two employees who were responsible for providing information to hackers.

Uber has set up a website for users who have been affected.

More news: Trump declares North Korea a state sponsor of terror

The new legislation "is creating a sense of urgency that not only do companies need to operate in a timely and effective manner, but that they need to build a more risk-based, proactive resilience-based approach to cybersecurity", Kleinman said. Sullivan, formerly the top security official at Facebook Inc and a federal prosecutor, served as both security chief and deputy general counsel for Uber. In addition to its legal troubles, Uber has faced criticism for sexual harassment issues, underpaying and deceiving drivers, questioning a rape victim, and surge pricing during times of crisis.

Related Articles