Uber under UK investigation after concealment of data breach
Ride-hailing app Uber now faces a multitude of cross-border investigations after it deliberately concealed the data breach of more than 57 million of its users.
Uber also admitted that it paid a $100,000 ransom to hackers to delete the data after it was stolen in October 2016.
Reports suggest that UK names, email addresses, and phone numbers were among the millions stolen from the Uber database.
Matt Hancock, the minister for digital, said the Government is verifying the extent and amount of information stolen.
“When we have a sufficient assessment, we will publish the details of the impact on UK citizens, and we plan to do that in a matter of days,” he said speaking to Parliament this week.
Mr Hancock added that he would not rule out that the information stolen could not be used for financial crime.
The news comes shortly before the General Data Protection Regulation (GDPR) is due to come into force in May 2018. Replacing the UK’s current data protection laws, GDPR will see firms fined significantly more for misusing or failing to proactively protect consumer data – up to 20 million euros in the most serious cases.
UK data watchdog the Information Commissioner’s Office (ICO) said Uber will face fines for the “cover up”.
“Uber’s announcement about a concealed data breach last October raises huge concerns around its data protection policies and ethics.
“If UK citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed.
“Deliberately concealing breaches from regulators and citizens could attract higher fines for companies.”