It would appear that Uber’s problems have not yet come to an end. The company is now facing investigation from several countries for not reporting a data breach back in 2016; and for instead choosing to pay off the cybercriminals to keep the matter quiet.
The company acknowledged earlier this week that it suffered a massive data breach in October 2016; exposing the records of some 57 million drivers and passengers. Uber’s handling of the issue is what has drawn the attention of governments, as it has also come to light that a ransom of $100,000 to ensure that the hackers kept their actions a secret and destroyed the data.
Most countries have legislation that requires companies to report data breaches to the relevant local authorities. Failing to disclose this information has caused the United States, United Kingdom, Australia, and the Philippines to announce official investigations into the matter.
Making matters worse is that Uber is also being investigate in the US at a state level, with New York, Illinois, Connecticut and Massachusetts all confirming that they are looking into the matter. Each state in the US has its own legislation for dealing with data breaches, and failure to disclose the hack could lead to even more legal trouble for the ride-sharing company.
What is currently unclear is the scope of the data breach, with Uber remaining silent on who is actually affected. Bloomberg has ascertained that it covers 50 million passengers from around the world, and includes another seven million driver records that cover information like drivers’ licenses and email addresses. As far as anyone can tell, no credit card information was stolen.
Uber recently replaced founder Travis Kalanick with Dara Khosrowshahi as CEO, and it is now up to the chief executive to clean up the mess that’s been left. Khosrowshahi has been attempting to steer the company into some semblance of stability, but it would appear that the light at the end of the tunnel is a long way off.