Technology, Top News

ICO could fine Uber over mega-breach cover-up

THE INFORMATION COMMISSIONER’S OFFICE (ICO) has confirmed that it’s investigating the mega-breach at Uber that the crapsicab company kept hidden from customers.

In a statement given to the INQUIRER, the ICO said: “It’s always the company’s responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers. If UK citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed.

“We’ll be working with the NCSC plus other relevant authorities in the UK and overseas to determine the scale of the breach, how it has affected people in the UK and what steps need to be taken by the firm to ensure it fully complies with its data protection obligations.

“Deliberately concealing breaches from regulators and citizens could attract higher fines for companies.”

News of the breach was revealed first revealed on Tuesday. It was deliberately hidden under the leadership of now-ousted CEO Travis Kalanick, despite exposing the data of 57 million drivers and users of of the ride-hailing service.

Bloomberg reports that Kalanick paid the hackers $100,000 to delete the data it collected and then failed to warn potential victims.

No social security, credit card or trip info was taken but names and addresses were accessed.

It’s understood that the decision to disguise the hack was made at a time when Uber was already fighting several claims of privacy violations in the US. Similar concerns have been amongst those which led to Uber having its licence removed in London – a decision which it is currently preparing to appeal, but this new revelation won’t help inspire confidence in TfL which made the decision.

Uber’s Chief Security Officer Joe Sullivan has been removed from his post for his part in the cover-up.

“None of this should have happened, and I will not make excuses for it,” new Chief Executive Dara Khosrowshah, said in a statement. “We are changing the way we do business.”

“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorised access by the individuals,” Khosrowshahi said. “We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”

Although Uber’s reputation continues to wobble through these continuing revelations, it continues to be almost evangelically popular with users, though recent figures show it is actually losing ground to rival Lyft

Regulators question whether issues such as driver working conditions, passenger safety and of course, data security are being taken seriously enough and although Khosrowshahi’s appointment may put some minds at rest when revelations like this come back to the fore, it all counts for nothing.

Uber has told customers that there is “no evidence of fraud or misuse tied to the incident.” and for drivers, it has offered free credit protection monitoring and identity theft protection, just in case.

This is positive and reflect’s Uber’s public desire to change its tarnished image, but it still leaves us wondering how many more skeletons the new CEO will find in Kalanick’s corner office closet. µ

Source : Inquirer

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend