The Uber Gap in 2016 affected more than 20 million US users. UU


By and

Updated on

A data breach in 2016 exposed the names , telephone numbers and email addresses of more than 20 million people who use the Uber Technologies Inc. service in the US. UU., The authorities said Thursday, while reprimanding to the company that traveled in car for not revealing the lapse before.

[19659008] The Federal Trade Commission said that Uber did not reveal the leak last year when the agency investigated and sanctioned the company for a similar data breach that occurred in 2014. Bloomberg News reported the violation in November.

"After misleading consumers about their privacy and security practices, Uber aggravated their misconduct," said Maureen Ohlhausen, interim president of the FTC. He announced an expansion of last year's agreement with the company and said the new agreement was "designed to ensure that Uber does not engage in similar misconduct in the future."

In the 2016 gap, intruders in a data storage service run for Inc. obtained non-encrypted consumer personal information related to American drivers and drivers, including 25.6 million names and Email addresses, 22.1 million names and mobile phone numbers and 607,000 names and driver's license numbers, the FTC said at a complaint.

Under the revised agreement, Uber may be subject to civil penalties if it does not notify the FTC of future incidents, and must submit data security audits, the agency said.

Tumultuous Period

Uber went through a tumultuous period last year in which co-founder Travis Kalanick was expelled in June after accusations that the company created a hostile environment for the employees under his leadership. Dara Khosrowshahi was appointed executive director in August and promised a transparent management style.

As part of Khosrowshahi's effort, Uber said on Thursday he would begin verifying driver history annually, in addition to his current practice of conducting such controls when they register to work for Uber. The company also said it will begin to monitor drivers who commit new offenses.

Bloomberg reported for the first time about the data breach in November when Uber revealed the incident. The FTC recriminated Uber for waiting more than a year after discovering it. The company also said it paid the attackers $ 100,000 to remove the data and keep the gap quiet, an unusual measure that hid the episode for more than a year.

For more information on cybersecurity, check out Decryption podcast:

"I'm glad that just a few months after announcing this incident, we have reached a quick resolution with the FTC that blames Uber for past mistakes by imposing new requirements that reasonably fit the facts, "Tony West, Uber's chief legal officer, said in an email.


Source link