Uber delayed notifying of breach for year - Privacy Commissioner


Still, his presence at Uber's helm might be what helps the embattled company skate by its latest PR fiasco.

After Uber's disclosure on Tuesday, New York Attorney General Eric Schneiderman launched a probe into the hack, his spokesman Amy Spitalnick said.

The San Francisco company ousted Travis Kalanick as CEO in June after an internal investigation concluded he had built a culture that allowed female workers to be sexually harassed and encouraged employees to push legal limits.

In a statement, the ICO said it was always a company's responsibility to "identify when United Kingdom citizens have been affected as part of a data breach and take steps to reduce any harm to consumers".

The developments have some of the hallmarks of the Equifax data breach, which the credit reporting firm said in September impacted 145 million Americans earlier this year.

On Tuesday, Uber CEO Dara Khosrowashahi revealed in a blog post what the ride-hailing company was hiding from the public since October 2016, i.e., for nearly a year.

In a statement, Khosrowshahi said: "We have to be honest and transparent as we work to fix our past mistakes".

Uber's new chief executive Dara Khosrowshahi appears to be starting as he means to go on. Uber paid the hackers $100,000 to delete the data and not disclose the breach. "Those people responsible for the integrity and confidentiality of the data in-fact covered it up".

Uber has admitted covering up the hack a year ago after personal information of more than 57 million users and drivers was compromised.

The Information Commissioner's Office (ICO) has confirmed that UK Uber users were affected by the breach of 57 million riders and drivers announced this week, and that it's investigating the incident.

"We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed", said Khosrowshahi in his blog post.

We are providing these drivers with free credit monitoring and identity theft protection. The incident exposed the personal data (including names, emails, and phone numbers) of around 57 million Uber customers living in different countries.

The company's chief security officer, Joe Sullivan, has been fired.

As part of his effort to set things right, Khosrowshahi extracted Sullivan's resignation from Uber and also jettisoned Craig Clark, a lawyer who reported to Sullivan. Clark could not immediately be reached for comment. Regulation states that companies are required to disclose any hacking events.

"Deliberately concealing breaches from regulators and citizens could attract higher fines for companies", James Dipple-Johnstone, deputy commissioner of the UK Information Commissioner's Office, said in an emailed statement.

Prime Minister Theresa May's official spokesman said: 'These are obviously concerning reports and the National Cyber Security Centre is working closely with domestic and worldwide agencies, including the National Crime Agency and the Information Commissioner's Office, to investigate if and how this breach has affected people in the UK.