FTC Now ‘Closely Evaluating’ Massive Uber Data Breach, European Regulators Are On It, Too
Uber dropped a bombshell recently after revealing that in 2016, a massive data breach of its servers had put highly sensitive data of 57 million drivers and riders at risk of being exposed.
The hackers responsible demanded $100,000 from Uber to delete their copy of those accounts, which included names, email addresses, and phone numbers.
But it went out of its way to make sure the hackers were going to keep mum about the whole incident by making them sign nondisclosure agreements. Then it went on to pretended that the whole thing was the result of a bug bounty program, a common practice in which major companies enlist the help of hackers to find vulnerabilities within their products or services.
The revelation came a year later, at a time when new Uber CEO Dara Khosrowshahi has barely begun fixing Uber's laundry list of troubles.
FTC Is Aware Of Uber Data Breach
It appears the Federal Trade Commission, which investigates companies accused of being shady with consumer data, is now "closely evaluating the serious issues" raised in Uber's handling of the data breach, according to a report from Reuters.
"We are aware of press reports describing a breach in late 2016 at Uber and Uber officials' actions after that breach. We are closely evaluating the serious issues raised," said a spokesman for the agency.
Uber settled a prior investigation into security and privacy complaints dating back to 2014 and 2015. Also, this summer, Uber agreed to 20 years of external FTC audits and to abide by various conditions in the consent order.
But the previous security breach was far smaller than the one that's been disclosed. Only 100,000 Uber drivers were at risk during the May 2014 breach.
European Union Privacy Regulators Might Investigate Uber Data Breach
Since Uber's massive data breach involves drivers and riders from across the entire globe, it's no surprise that other nations aside from the United States are taking steps to look into the incident.
As Reuters reports, European Union privacy regulators will discuss the data breach next week and could launch a task force that will coordinate investigations.
The chair of the group of European data protection authorities said on Thursday, Nov. 23, that the data breach would be discussed during its Nov. 28 and Nov. 29 meetings.
The data protection authorities also argued that the breach — and Uber's attempt to sweep it under the rug — raised "huge concerns" regarding the company's ethics, which already was rather flimsy even before this revelation broke through given its various workplace troubles.