Skip to main content

Uber Faces Major Fallout from Massive Hack, Alleged Cover-Up .

Uber's admission that it took more than a year to disclose the theft of personal data from 57 million customers and drivers has now drawn two lawsuits and a federal probe.

Compounding the ride-hailing titan's woes are news reports that it paid the hackers $100,000 to destroy the pilfered data, and that its new CEO knew about the breach for more than two months before revealing it to customers and drivers.

The hack and its fallout are just the latest problems to strike a firm that is already a target for harsh criticism about its management -- from claims it fostered a reckless, misogynist company culture that led to sexual harassment and bullying, to revelations about use of secret technology for evading authorities' oversight, to a trade-secrets lawsuit by Google self-driving spinoff Waymo, and an $8.9 million fine levied Nov. 20 by Colorado over drivers with serious criminal and driving-infraction records.

The beleaguered San Francisco company's latest personal-data trouble started in October 2016, when hackers broke into its systems and downloaded names, email addresses and cell phone numbers of 57 million Uber customers, along with names and driver's license numbers of some 600,000 U.S. Uber drivers, according to statements from the company.

Such information is commonly used for identity theft, which can result in criminals obtaining credit cards and loans in victims' names, or looting their bank accounts.

It wasn't until Tuesday that Uber, in a statement from CEO Dara Khosrowshahi, revealed the breach to customers, drivers and the public. And according to a new report, Khosrowshahi had learned of the hack two weeks after he took the reins of the company Sept. 5, according to the Wall Street Journal, which cited unnamed people said to be familiar with the matter.

In his Tuesday statement disclosing the 2016 hack, Khosrowshahi said he had "recently" learned of it.

The breach, and Uber's response to it, drew two lawsuits soon after the company announced it had been hacked. Both suits seek class-action status.

On Tuesday, Alejandro Flores of Los Angeles launched a suit on behalf of himself and people who were Uber customers or drivers at the time of the breach. The legal action takes aim at the gap of more than a year between Uber's discovery of the hack and its public disclosure.

"Customers, and drivers had no chance to protect their identity and their information," said the suit filed in Central District of California U.S. District Court.

Flores also claims credit card and Social Security numbers were stolen, along with dates of birth. If true, that would put customers and drivers at increased risk of identity theft and fraud.

Khosrowshahi had said in his statement that the company's "outside forensic experts" found no indication that dates of birth, or credit card or Social Security numbers were taken.

Uber did not immediately respond to a question about whether those types of data were stolen, or to additional questions about the breach and the company's response. The lawyers representing Flores did not immediately respond to a request for information about the claims of stolen birth dates and credit card and Social Security numbers.

The other lawsuit, filed Wednesday by Danyelle Townsend and Ken Tew, highlights an allegation in a Nov. 21 Bloomberg report that Uber -- under previous CEO Travis Kalanick -- had paid the hackers to delete the stolen data and keep quiet about it.

"Rather than alerting regulators, law enforcement and victims of the Data Breach, Uber sought to conceal the Data Breach by paying the hackers $100,000 to destroy the stolen data and to promise to keep the Data Breach secret from the public and regulators," the suit filed in Northern California U.S. District Court said.

This legal action also includes claims about personal data beyond what Uber has admitted was stolen.

"Also potentially at risk are additional pieces of personally identifiable information generally available in Uber customer accounts including: location history, credit card numbers, bank account numbers, Social Security Numbers, dates of birth and other information," the suit claims.

Fallout from the hack goes beyond the courts. The Federal Trade Commission said it was "closely evaluating the serious issues raised" by the breach, Reuters reported Wednesday.

The huge hack is not the first data-security issue to put Uber into authorities' sights. In August, the FTC announced that it had reached a settlement with Uber after a hacker accessed names and driver's license numbers of more than 100,000 drivers in 2014. Uber had failed to take "reasonable, low-cost measures" to properly secure its database, the FTC said. In the settlement, Uber agreed to 20 years of independent audits to certify it had an effective privacy program.

That data breach also led to a settlement between Uber and New York's attorney general, which included a $20,000 fine for failing to provide drivers and authorities with timely notice of the hack.

The legal and regulatory problems come as Uber readies itself to go public in 2019, and negotiates with SoftBank over a multi-billion-dollar investment that would give the Japanese tech titan a 14 percent to 20 percent stake in Uber, which is valued at nearly $70 billion.

Although Uber waited until this week to publicly disclose the massive breach of customer and driver data, it told SoftBank about the hack about three weeks earlier, according to the Wall Street Journal.

Comments

Popular posts from this blog

Windows 10 now on 600 million machines.

Microsoft CEO Satya Nadella told shareholders that Windows 10 has now passed 600 million monthly active users, picking up 100 million since May of this year. This number counts all Windows 10 devices used over a 28-day period. While most of these will be PCs, there are other things in the mix there: a few million Xbox Ones, a few million Windows 10 Mobile phones, and special hardware like the HoloLens and Surface Hub. The exact mix between these categories isn't known, because Microsoft doesn't say. The company's original ambition (and sales pitch to developers) was to have one billion systems running Windows 10 within about three years of the operating system's launch. In July last year, the company acknowledged that it won't hit that target—the original plan called for  50 million or more phone sales a year , which the retreat from the phone market has made impossible. But at the current rate it should still be on track for somewhere in excess of 700 million use...

WZoneLite – A Pretty Cool WooCommerce Amazon Affiliate Plugin .

Everyone wants to make a million dollars by being a blogger. The promise of riches and internet fame is a big draw to doing it for a lot of people, and I’m sorry to say that the reality of being a blogger (even a professional blogger!) is not quite…as financially lucrative as all that. But that’s not to say that it  can’t be –one of the best ways to start your empire is with an Amazon affiliate plugin. For me, the Amazon Associates program has been one of the biggest earners for me over the years. Not only are there CPM ads like Google Adsense (you know, the normal banner ads we all love to hate), but any time someone clicks a link from your site, you get a percentage of  anything  they buy while the token from your site lasts in their browser. If they buy a song, you get a few cents. If they buy a new MacBook Pro and iPhone? You get…a lot more cents. With that in mind, WZoneLite is a  pretty cool WooCommerce Amazon affiliate plugin that syncs everything together s...

Game-changing SEO trends that will dominate 2018.

Changing nature of the rules of the game. As search engines strive to improve the quality of search results, some ranking factors shift shapes, others fall into oblivion, and completely new ones arise out of nowhere. To help you stay ahead of the game in 2018, here’s a list of the most prominent trends that are gaining momentum, with tips on how you can prepare for each. 1. The rise of SERP features Are you assuming a #1 organic ranking is  the  way to get as much traffic as possible? Think again. Increasingly, SERP features (local packs, Knowledge panels, featured snippets and so on) are stealing searchers’ attention and clicks from organic listings. And it’s only fair if you consider the evolution the Google SERP has been through. It has gone all the way from “10 blue links”… … to something that makes you feel like you’re part of a Brazilian carnival. What can you do about it? With the evolution of SERP features, it’s critical that you (a) track your rankings within...