Ride-hailing service Uber is facing new
investigations by the government, as well as lawsuits by consumers, following revelations about a 2016 data breach that affected 57 million people.
The company concealed the breach for one
year, going so far as to pay hackers $100,000 to destroy the data, Bloomberg reports. Data that was taken includes names, email addresses
and phone numbers of around 50 million customers and 7 million drivers, and driver's license numbers for 600,000 people.
"None of this should have happened, and I will not make excuses for
it," CEO Dara Khosrowshahi stated. The company also ousted its security chief.
The data breach and attempted cover-up
occurred while Uber was already under investigation by the Federal Trade Commission, which settled separate allegations with the company in August.
The FTC said this week that
it is "closely evaluating the serious issues raised” by the revelations about Uber, Reuters reports.
Various state regulators are also investigating whether the company violated consumer protection and data breach laws. On Wednesday, the Attorney General
of Missouri -- one of the states now probing Uber -- sent the company a letter demanding that it immediately notify all affected customers and implement procedures aimed at preventing future data
breaches.
As of Friday morning, at least seven potential class-action lawsuits over the data breach had been filed in federal court against Uber.
Uber's recent settlement with the FTC
stemmed from allegations that the company failed to honor its promise to monitor employees' ability to access consumers' geolocation data, and also failed to provide reasonable security for its
drivers' and users' sensitive data -- including names, driver's license numbers, bank account details and Social Security numbers -- resulting in a 2014 data breach that affected more than 100,000
drivers.
The company agreed to settle those allegations by instituting
a comprehensive privacy policy and undergoing privacy audits for 20 years.
Earlier this year, Uber ousted founder Travis Kalanick, following a wave of bad publicity. Among other high-profile
missteps under Kalanick's watch, the company violated Apple's policies by fingerprinting people's devices, in order to
identify devices that installed the app after deleting it. (Uber said it did so to fight fraud.)
Uber also suffered a public relations crisis after The New York Times reported that Uber used a program it called "Greyball" to prevent investigators from hailing rides. That program involved
examining social media profiles and credit card information (including whether the cards were connected to a police credit union) in order to identify government officials. Uber then "Greyballed"
those officials -- which involved serving them "a fake version of the app populated with ghost cars," according to the Times. Uber said it would stop doing so several days after the report
came out.