The consequences of Uber's disclosure yesterday of a mbadive data breach affecting 57 million users and controllers that he hid for a year continues: the UK data protection agency has issued a strong statement that says The company's announcement "raises serious concerns about its data protection and ethics policies."
He also warned that deliberately concealing infringements of regulators and citizens "could attract higher fines."
It is still unclear exactly how many Uber Uk users have been directly affected by the October 2016 breach, although Uber revealed yesterday that some international users are affected.
At the time of writing, the company has not responded to requests for a more detailed breakdown of the bookmarks that are affected by the infringement, including whether the data of UK Uber users committed.
In a blog post yesterday Uber said "some personal information from 57 million Uber users around the world". "It had been in the files downloaded by hackers, including 'names, email addresses and mobile numbers.'
" Our external forensic experts have not seen any indication of travel location history, card numbers Credit, bank account numbers, Social Security numbers have been downloaded or dates of birth, "he added.
The comments by the UK regulator are a clear warning to a company that has already been censored by a federal agency in the US. for reasons of data security and privacy: in August he agreed to 20 years of privacy audits by the FTC to resolve a claim on privacy and security claims prior to this new and increased data breach.
Comments also They are significant because Uber is appealing a decision in September by the transport regulator of London to strip her of her to operate in the capital of the United Kingdom. (Although it can, and still does, operate in the city during the appeal process)
Among the concerns cited by Transport for London to withdraw Uber's license is its approach to explain its use of the internal software, Greyball, which Uber used in the USA UU to try to control and block regulatory agencies from having full access to their application, in an attempt to circumvent regulators and law enforcement agencies. Earlier this year, it was reported that the Justice Department was investigating the use of Uber by Greyball.
It also faces a series of other federal investigations related to various aspects of its business operations.
Here is the full statement on Iber's Uber infringement Deputy Commissioner James Dipple-Johnstone:
Uber's announcement of a hidden data breach in October raises serious concerns about its data protection policies and ethics.
It is always the responsibility of the company to identify when the citizens of the United Kingdom have been affected as part of a data breach and to take measures to reduce any harm to consumers. If the citizens of the United Kingdom were affected, we should have been notified in order to evaluate and verify the impact on the people whose data were exposed.
We will work with the NCSC plus other relevant authorities in the United Kingdom and abroad to determine the scale of the gap, how it has affected people in the UK and what steps the business should take to ensure that it fully complies with your data protection obligations.
Deliberately hidden infractions of regulators and citizens could result in higher fines for businesses.
The National Cybersecurity Center of the United Kingdom, a subsidiary of the domestic intelligence agency GCHQ, has also issued a statement on the Uber infringement, in which it says: "Companies must always report any cyber attack to the NCSC immediately. The more information the company shares in a timely manner, the better we can support it and prevent others from becoming victims. "
The agency also notes that it is working closely with the National Crime Agency and the ICO to investigate "how this violation has affected people in the UK and advises on appropriate mitigation measures."
"According to the current information, we have not seen evidence that the financial details have been compromised," the NCSC adds.
Featured image: TechCrunch