Uber was hit with a massive data breach on 2016 which exposed the names, phone numbers and email addresses of more than 20 million people. The company failed to disclose the leak which led to the Federal Trade Commission launching an investigation into the company.
“After misleading consumers about its privacy and security practices, Uber compounded its misconduct,” said Maureen Ohlhausen, the acting FTC chairman. She announced an expansion of last year’s settlement with the company and said the new agreement was “designed to ensure that Uber does not engage in similar misconduct in the future.”
The intruders had accessed a database of customer personal information of 25.6 million Uber users; both riders and drivers in the US. Under the revised settlement, Uber could be subject to civil penalties if it fails to notify the FTC of future incidents, and it must submit audits of its data security, the agency said.
The news was first reported in Bloomberg in November when Uber Disclosed the incident. The FTC scolded Uber for waiting more than a year after discovering it. The company has also said that it paid attackers $100,000 to delete the data and keep the breach quiet.
“I am pleased that just a few months after announcing this incident, we have reached a speedy resolution with the FTC that holds Uber accountable for the mistakes of the past by imposing new requirements that reasonably fit the facts,” Uber Chief Legal Officer Tony West said in an emailed statement.
Data breaches of such scale must be prevented by taking appropriate security measures and hold the companies responsible for not keeping the user data secure.
Take your time to comment on this article.