Advertisement
U.S. markets closed
  • S&P Futures

    5,304.25
    -4.00 (-0.08%)
     
  • Dow Futures

    40,140.00
    -36.00 (-0.09%)
     
  • Nasdaq Futures

    18,465.00
    -38.75 (-0.21%)
     
  • Russell 2000 Futures

    2,145.20
    +6.80 (+0.32%)
     
  • Crude Oil

    83.11
    -0.06 (-0.07%)
     
  • Gold

    2,254.80
    +16.40 (+0.73%)
     
  • Silver

    25.10
    +0.18 (+0.74%)
     
  • EUR/USD

    1.0789
    -0.0005 (-0.04%)
     
  • 10-Yr Bond

    4.2060
    +0.0100 (+0.24%)
     
  • Vix

    13.01
    +0.23 (+1.80%)
     
  • GBP/USD

    1.2626
    +0.0004 (+0.03%)
     
  • USD/JPY

    151.3160
    -0.0560 (-0.04%)
     
  • Bitcoin USD

    70,719.55
    +1,046.17 (+1.50%)
     
  • CMC Crypto 200

    885.54
    0.00 (0.00%)
     
  • FTSE 100

    7,952.62
    +20.64 (+0.26%)
     
  • Nikkei 225

    40,341.68
    +173.61 (+0.43%)
     

Uber faces fines in the UK over cover-up of 57m stolen user details

Uber is in hot water over a massive data breach it covered up for a year - AFP
Uber is in hot water over a massive data breach it covered up for a year - AFP

An investigation is underway after the personal details of British Uber customers were feared stolen.

The ride-sharing app paid hackers $100,000 (£75,000) to delete data belonging to 57 million customers and drivers worldwide and keep quiet about the breach, it revealed on Tuesday night. 

On Wednesday the Information Commissioner's Office, the UK's data watchdog, suggested that the beleaguered tech firm could face fines for the cover-up.

“Uber's announcement about a concealed data breach last October raises huge concerns around its data protection policies and ethics.

"If UK citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed.

"Deliberately concealing breaches from regulators and citizens could attract higher fines for companies."

Travis Kalanick
Uber founder Travis Kalanick was in charge when the breach took place but has since resigned as chief executive

It will work with the National Cyber Security Centre to determine the scale of the breach and how it has affected British riders. 

Uber has not confirmed which countries have been affected, but founder Travis Kalanick said in October 2016 - the same month as the breach - that its entire global customer base was 40 million, which suggests that the vast majority of its accounts had been breached.

The company now has 65 million active riders globally. In the UK it has 5 million active riders - those who have taken a trip in the last three months - including 3.5 million in London.

The tech company has 3.5 million active riders in London alone, where it is trying to win back its licence from Transport for London.  

The company, valued at almost $70bn, has suffered several setbacks caused by internal bickering, sexual harassment scandals and the resignation of controversial Mr Kalanick. He was replaced in August by Dara Khosrowshahi, who has promised to fix the company’s culture and repair relationships with regulators like Transport for London. 

Uber controversies timeline

Khosrowshahi revealed the hack on Tuesday evening and fire Uber’s security chief and former Facebook lead Joe Sullivan over the debacle. 

Coming clean about the breach, he revealed names, email addresses and mobile numbers along with the license numbers of around 6000,000 drivers in the United States were stolen. 

External forensic experts hired by the company claimed there was “no indication” that trip location history, credit card numbers, bank account numbers of dates of birth were downloaded. Uber will notify affected drivers by email but did not say whether it would contact individual riders.

The National Cyber Security Centre appeared to confirm that financial details had not been breached. 

“Based on current information, we have not seen evidence that financial details have been compromised,” a spokesperson said. 

Two hackers, not believed to be employees, were able to access the information after workers left keys to the company’s cloud account on GitHub, a site where developers can share software code. 

David Higgins, cyber security expert at CyberArk said that the breach was “bad practice” but it was likely that “opportunists” had found the information before bribing the company.  He suggested that breaches were a regular occurrence within the tech industry thanks to lack of regulation.

“Uber aren’t alone in this and until GDPR comes in next year there isn’t currently any legal mandate,” he said. 

Advertisement