Uber’s massive security breach: Company faces probes, questions galore

A day after scandal-plagued Uber admitted it covered up for a year a data breach affecting 57 million — and fired its chief security officer — security questions abound.

Among the regulators who have opened investigations or are poking around: officials in Britain, Italy, Holland, Australia and the Philippines, according to various reports.

An Uber spokesperson told Reuters the company has been in touch with several state Attorney General Offices. The New York State AG has reportedly opened an investigation. And U.S. lawmakers are urging the Federal Trade Commission to investigate.

Uber’s failure to disclose the breach was probably illegal in U.S. states that have data-breach laws (most of them), although the notification requirements vary, the Wall Street Journal points out.

Can Uber be trusted? After all, the San Francisco company paid the hackers $100,000 to delete the data — including personal information about drivers and passengers — they accessed, and to keep quiet about the breach, according to Bloomberg. Uber just disclosed what happened Tuesday, a year after the hack occurred.

“That’s a million-dollar question,” said Jeff Nolan, chief marketing officer of Irvine-based enterprise security firm SecureAuth, in a phone interview Wednesday. He noted that there have been so many data breaches that consumers seem to have become “immune to them — or maybe they don’t care.”

But this is not Uber’s first security-related misstep. In fact, Bloomberg reports that at the time of the big hack, late 2016, the company was in talks with U.S. regulators about a separate instance of privacy violations. In August, Uber settled with the FTC over “God view,” a controversial program the company used to track riders’ locations, and a 2014 data breach. Under the settlement, Uber’s privacy practices must be reviewed by an outside auditor every two years for 20 years.

However, Nolan said the reaction by Uber’s new CEO, Dara Khosrowshahi, is “good crisis communication”: He demanded CSO Joe Sullivan’s resignation and fired an aide to Sullivan, Tony West, according to reports.

“As Uber’s CEO, it’s my job to set our course for the future, which begins with building a company that every Uber employee, partner and customer can be proud of,” Khosrowshahi said in a blog post Tuesday. “For that to happen, we have to be honest and transparent as we work to repair our past mistakes.”

He said the company is notifying the affected drivers, whose names and driver’s license information were compromised, and regulators. He also said he has brought in Matt Olsen, former director of the National Counterterrorism Center under President Obama and general counsel for the National Security Agency, to help “think through” the company’s future security processes.

Khosrowshahi said in the blog post that he “recently” found out about the cover-up but did not specify when. When reached by SiliconBeat Wednesday, an Uber spokeswoman said the company had no additional comment beyond the CEO’s blog post.

The company’s latest scandal comes as it tries to secure an investment from SoftBank, the Japanese conglomerate that’s said to be considering buying a stake in Uber worth up to $10 billion. The company is also still dealing with the aftermath of complaints about sexual harassment and a sexist workplace culture, which were factors that led to the departure of CEO and co-founder Travis Kalanick. He remains on the company’s board of directors. Khosrowshahi became chief executive at the end of August.


Photo: Outside Uber offices on Market Street in San Francisco in 2014. (Karl Mondon/Bay Area News Group)


  • Chuck Cotton

    Uber as well as its copycat, Lyft, have been so TOXIC since inception. These operators have BLUFFED politicians, regulatory agencies, the public, investors, and law enforcement agencies throughout America and global cities. They guised themselves as an app technology company only not subject to the transportation laws. Of course they are indeed a Motor Carrier Transportation company subject to full compliance with the US CODE, state statutes, and municipal ordinances that exist. Uber and Lyft CONTROL all portal to portal operations in transporting the public for compensation. They CONTROL the app, the money, hiring/firing of drivers, screening/scoring systems, the pricing. Such CONTROL classifies them as the EMPLOYER and the driver as the EMPLOYEE. Of course they have defrauded the US and State treasuries of payroll taxes, ad valorem taxes, sales taxes, income taxes and screwed the drivers out of employment benefits. There have been numerous laws at all levels broken.

    The big question is whether the new Uber CEO Dara Khosrowshahi and new in-house counsel, Tony West, will continue the toxic business platform or overhaul it to a compliant business platform.
    Uber as well as Lyft cannot be allowed to operate unregulated in a regulated industry like transportation. You cannot do so in air, rail, water nor ground surface transportation. It is CRIMINAL to do so. The public is not protected, the investors are not protected; no one is protected.

    These companies’ fanatical stock sales and valuations are all bogus and are deep into securities fraud. Even the most recent Lyft stock sale raising another $500m just after its successful $1B stock sales venture. Uber has raised fraudulently $15B in stock sales. Its latest is from the Saudi Prince who 60 Minutes exposed Sunday night with his horrific terrorism of YEMEN. Now Uber is romancing Mr. Son of Softbank for $8-10B to bail out the existing stockholders who were fleeced. Surely, Charley Ponzi is smiling looking up from hell.
    All these companies had to do initially was just comply with the existing laws and operate legally. Instead, they refused to do so and operate above the rule of law.
    Soon, the massive corruption will end and indictments galore will be forthcoming as so many are involved in these concerted criminal conspiracies.