- The Washington Times - Thursday, November 23, 2017

Several states are investigating Uber over the recently disclosed data breach that compromised the personal information of more than 57 million ride share users.

Attorneys general in Connecticut, Illinois, Massachusetts, Missouri and New York separately announced plans to investigate Uber within a day of the company coming clean this week about the previously undisclosed October 2016 data breach, opening the door for other states to potentially launch probes of their own.

New York Attorney General Eric Schneiderman has opened an investigating the incident, his office said Tuesday evening shortly after Uber CEO Dara Khosrowshahi acknowledged the breach in a blog post.

“We’ve launched an investigation into the Uber breach and have been in touch with the company to get more information,” Massachusetts Attorney General Maura Healey subsequently tweeted early Wednesday afternoon.

Representatives for attorneys general in Illinois and Connecticut subsequently said their respective offices would be launching independent investigations as well, and Missouri Attorney General Josh Hawley announced he’s readying a probe of his own, The Hill reported later Wednesday.

“Missouri consumers deserve to know if and when their personal information is compromised — whether that occurs under Uber’s watch or that of other large tech companies,” Mr. Hawley said in a statement Wednesday, the Kansas City Star reported.

Uber revealed on Tuesday afternoon that hackers breached a third-party server in late 2016 and stole the names, email addresses and mobile phone numbers of 57 million ride-share users, as well as the names and driver’s license numbers of about 600,000 drivers in the United States.

Rather than disclosing the breach, Uber paid the hackers $100,000 to erase the data and keep the incident under wraps, according to multiple media reports.
Mr. Khosrowshahi was appointed Uber’s chief executive about 10 months after the breach and recently demanded the resignations of two employees implicated in its response, including Joe Sullivan, Uber’s chief security officer at the time, and Craig Clark, the company’s then-legal director of security and law enforcement.

“None of this should have happened, and I will not make excuses for it,” Mr. Khosrowshahi said Tuesday. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”

Forty-eight states have laws requiring companies to disclose data breaches to customers, the Recode website reported.

On Capitol Hill, Democrats in the House and Senate urged the Federal Trade Commission to open its own investigation Wednesday.

“The Federal Trade Commission must immediately begin an investigation into both the breach itself and the company’s outrageous delay in disclosing the breach,” said New Jersey Rep. Frank Pallone, the ranking Democrat on the House Energy and Commerce Committee.

“I urge Federal Trade Commission to take swift enforcement action and impose significant penalties in response to Uber breach,” Connecticut Sen. Richard Blumenthal tweeted Wednesday.

The FTC is “aware of press reports describing a breach in late 2016 at Uber and Uber officials’ actions after that breach” and is “closely evaluating the serious issues raised,” an agency spokesperson told Recode.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide