The disclosure by Uber of a data breach that occurred in October 2016 has prompted a growing number of regulators to open investigations into the company.
According to Bloomberg, the breach (which Uber disclosed on November 21, 2017) involved hackers accessing the names, email addresses and phone numbers of 50 million riders and 7 million drivers and the driver’s license numbers of approximately 600,000 U.S. drivers.
Following the disclosure of circumstances of the breach and its discovery, data protection authorities (“DPAs”) in the EU have been publicly critical of the timing of the company’s disclosure. In the UK, the Information Commissioner’s Office has stated that it expects Uber to alert all affected individuals, while acknowledging that the breach is “unlikely to pose a direct threat to citizens.” Meanwhile, the president of the Italian DPA has indicated its intention to investigate the “poor transparency” demonstrated by Uber.
Click here, to continue reading on the Cleary Cybersecurity and Privacy Watch blog.