Listen to this article
This is an experimental feature. Give us your feedback. Thank you for your feedback.
What do you think?
The UK’s data protection authority has opened an investigation into a massive data breach at Uber that compromised the data of 57m passengers and drivers, saying it has “huge concerns” around the company’s practices.
Overnight, the ride hailing company revealed details of a hack that it discovered in December 2016. It paid $100,000 to hackers to destroy stolen information, and failed to inform users and regulators.
Under new data protection rules that come into force in the EU next May companies will have to identify and notify regulators of data breaches within 72 hours or face significantly increased penalties.
The Information Commissioner’s Office which investigates data breaches in the U.K. said Uber’s decision to conceal the breach could mean it attracts a higher fine.
James Dipple-Johnstone, ICO Deputy Commissioner said:
Uber’s announcement about a concealed data breach last October raises huge concerns around its data protection policies and ethics.
We’ll be working with the National Cyber Security Centre plus other relevant authorities in the UK and overseas to determine the scale of the breach, how it has affected people in the UK and what steps need to be taken by the firm to ensure it fully complies with its data protection obligations.
Deliberately concealing breaches from regulators and citizens could attract higher fines for companies.
The New York Attorney General’s Office has also opened an investigation into the breach.