The fallout from Uber’s disclosure yesterday of a large data breach affecting 57 million customers and drivers that it hid for a year continues: The UK’s data protection watchdog has put out a strongly worded statement saying the company’s announcement “raises huge concerns around its data protection policies and ethics”.
It has also warned that deliberately concealing breaches from regulators and residents “could attract higher fines”.
It’s not yet clear exactly how many UK Uber customers were directly affected by the October 2016 breach — though Uber disclosed yesterday that some international customers are affected.
At the time of writing the company has not responded to requests for a more detailed breakdown of which markets are affected by the breach, including whether UK Uber customers’ data was compromised.
In a blog post yesterday Uber said that “some personal information of 57 million Uber customers around the globe” had been in the files downloaded by hackers, including “names, e-mail addresses and cell phone numbers”.
“Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded,” it added.
The UK regulator’s remarks are a clear warning shot for a company that has already been censured by a US federal agency on data protection and privacy grounds — agreeing in August to 20 years of privacy audits by the FTC to settle a probe into privacy and security complaints that pre-date this new and larger data breach.
The comments are also significant because Uber is currently appealing a decision this September by London’s transport regulator to strip it of its license to operate in the UK capital. (Though it can, and is, continuing to operate in the city during the appeals process.)
Among Transport for London’s cited concerns for withdrawing licensing from Uber is its approach to explaining its use of internal software, Greyball — which Uber used in the US to try to monitor and block regulatory bodies from gaining full access to its app, in an attempt to sidestep regulators and law enforcement agencies. Earlier this year the DoJ was reported to be investigating Uber’s use of Greyball.
It is also facing a string of other federal probes relating to various aspects of its business operations.
Here’s the full statement on the Uber breach from ICO deputy commissioner James Dipple-Johnstone:
Uber’s announcement about a concealed data breach last October raises huge concerns around its data protection policies and ethics.
It’s always the company’s responsibility to identify when UK residents have been affected as part of a data breach and take steps to reduce any harm to customers. If UK residents have been affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed.
We’ll be working with the NCSC plus other relevant authorities in the UK and overseas to determine the scale of the breach, how it has affected people in the UK and what steps need to be taken by the firm to ensure it fully complies with its data protection obligations.
Deliberately concealing breaches from regulators and residents could attract higher fines for companies.
The UK’s National Cyber Security Centre, a branch of the GCHQ domestic intelligence agency, has also put out a statement about the Uber breach, in which it says: “Companies should always report any cyber attacks to the NCSC immediately. The more information a company shares in a timely manner, the better able we are to support them and prevent others falling victim.”
The agency also notes that it’s working closely with the UK’s National Crime Agency and the ICO to investigate “how this breach has affected people in the UK and advise on appropriate mitigation measures”.
“Based on current information, we have not seen evidence that financial details have been compromised,” the NCSC adds.