Uber Data Breach Sparks Investigations, Lawsuits

Ride-hailing service Uber is facing new investigations by the government, as well as lawsuits by consumers, following revelations about a 2016 data breach that affected 57 million people.

The company concealed the breach for one year, going so far as to pay hackers $100,000 to destroy the data, Bloomberg reports. Data that was taken includes names, email addresses and phone numbers of around 50 million customers and 7 million drivers, and driver's license numbers for 600,000 people.

"None of this should have happened, and I will not make excuses for it," CEO Dara Khosrowshahi stated. The company also ousted its security chief. 

The data breach and attempted cover-up occurred while Uber was already under investigation by the Federal Trade Commission, which settled separate allegations with the company in August.

The FTC said this week that it is "closely evaluating the serious issues raised” by the revelations about Uber, Reuters reports.

Various state regulators are also investigating whether the company violated consumer protection and data breach laws. On Wednesday, the Attorney General of Missouri -- one of the states now probing Uber -- sent the company a letter demanding that it immediately notify all affected customers and implement procedures aimed at preventing future data breaches.

As of Friday morning, at least seven potential class-action lawsuits over the data breach had been filed in federal court against Uber.

Uber's recent settlement with the FTC stemmed from allegations that the company failed to honor its promise to monitor employees' ability to access consumers' geolocation data, and also failed to provide reasonable security for its drivers' and users' sensitive data -- including names, driver's license numbers, bank account details and Social Security numbers -- resulting in a 2014 data breach that affected more than 100,000 drivers.

The company agreed to settle those allegations by instituting a comprehensive privacy policy and undergoing privacy audits for 20 years.

Earlier this year, Uber ousted founder Travis Kalanick, following a wave of bad publicity. Among other high-profile missteps under Kalanick's watch, the company violated Apple's policies by fingerprinting people's devices, in order to identify devices that installed the app after deleting it. (Uber said it did so to fight fraud.)

Uber also suffered a public relations crisis after The New York Times reported that Uber used a program it called "Greyball" to prevent investigators from hailing rides. That program involved examining social media profiles and credit card information (including whether the cards were connected to a police credit union) in order to identify government officials. Uber then "Greyballed" those officials -- which involved serving them "a fake version of the app populated with ghost cars," according to the Times. Uber said it would stop doing so several days after the report came out.

Next story loading loading..