The United States, United Kingdom, Australia and Philippines governments have said that they will launch separate investigations into ride-sharing company Uber’s security breach in 2016, The Guardian reported.
On Tuesday, the company’s Chief Executive Officer Dara Khosrowshahi said that Uber had failed to disclose a serious security breach in 2016 that exposed the data of 5.7 crore customers. The hackers also downloaded the names and licence numbers of six lakh drivers, Khosrowshahi had said. Uber paid hackers $1,00,000 (Rs 6,47,70,00) to keep the breach a secret.
Khosrowshahi had added that while the names and addresses of customers were accessed in the hack, forensic experts believe that there was no indication that other details like trip location history, credit card numbers, bank account numbers, social security numbers or dates of birth were compromised.
A spokesperson for the US Federal Trade Commission said that the commission was “closely evaluating the serious issues raised” by the breach and Uber’s failure to disclose it. Democratic senator Richard Blumenthal called for swift action, penalties and a Senate hearing against Uber.
The attorneys general in New York, Illinois, Connecticut and Massachusetts states also announced that they were launching investigations.
“Uber’s announcement about a concealed data breach last October raises huge concerns around its data protection policies and ethics,” James Dipple-Johnstone of the UK’s information commissioner’s office said. “Deliberately concealing breaches from regulators and citizens could attract higher fines for companies.”
Prime Minister Theresa May’s spokesperson said that the attack was concerning and that the country’s National Cyber Security Centre is working closely with domestic and international agencies to investigate if and how the breach affected people in the United Kingdom.
The country’s information and privacy commissioner said that such incidents were a reminder of the value of personal information that users provide to receive products and services. The commissioner’s office has begun inquiries with Uber, according to a government statement.
“It is a timely reminder to Australian businesses and agencies of the reputational value of good privacy practice, and the reputational risks that can follow mishandling of personal data,” the statement said.
The National Privacy Commission said it was concerned about the possible impact of the breach on its citizens, and that by virtue of its operations and processing of Filipino end user data, Uber is considered must comply with Philippine data privacy and protection laws.
“We have summoned Uber to a meeting on November 23, to shed more light about the incident and to comply with the formal breach notification procedure as provided by the Data Privacy Act of 2012,” Privacy Commissioner Raymund Enriquez Liboro said. “This includes providing the commission with detailed information on the nature of the breach, the personal data of Filipinos possibly involved, and the measures taken by Uber to address the breach.”