Toronto - Governments around the globe
launched investigations into Uber Technologies Inc
after the company disclosed it had covered up a breach that
exposed data on millions of customers and drivers, the latest
scandal to rock the ride-hailing firm.
Authorities in Britain and the United States, two top Uber
markets, as well as Australia and the Philippines said on
Wednesday they would investigate the company's response to the
data breach.
Some US lawmakers called for Congressional hearings and
implored the Federal Trade Commission (FTC) to look into the
matter.
Uber said on Wednesday that it has been in touch with the
US Federal Trade Commission (FTC) and several states to
discuss a hack last year that exposed data on millions of
customers and drivers, the latest scandal to rock the
ride-hailing firm.
"We've been in touch with several state Attorney General
Offices and the FTC to discuss this issue, and we stand ready to
cooperate with them going forward," an Uber spokesperson said in
a emailed statement.
Uber said on Tuesday that in late 2016 it had paid hackers
$100 000 to destroy data on more than 57 million customers and
driver stolen from the company and decided not to report the
matter to victims or authorities.
The company's chief executive had acknowledged in a Tuesday
blog that the company had erred in handling the breach. (http://ubr.to/2AmxlQt)
The money-losing ride-hailing service is known for the tough
stance it has taken against regulators as it seeks to
aggressively expand and compete with existing taxi services.
Attorneys general in at least four US states, Connecticut,
Illinois, Massachusetts and New York, said they had launched
investigations into the breach.
“We have serious concerns about the reported conduct,”
Massachusetts Attorney General Maura Healey said in a statement.
US Senator Richard Blumenthal took to Twitter to call for
the FTC to investigate Uber, describing the company's behavior
as "inexplicable" and asking for the FTC to impose "significant
penalties."
The FTC, which investigates companies accused of being
sloppy with consumer data, said it was looking into the matter,
but declined to say if it had launched a formal investigation.
"We are aware of press reports describing a breach in late
2016 at Uber and Uber officials’ actions after that breach. We
are closely evaluating the serious issues raised," an FTC
spokesman said.
US Representative Frank Pallone called for a Congressional
hearing.
"If Uber did indeed secretly pay-off the hackers to keep the
breach quiet, then a possible cover up of the incident is
problematic and must be investigated," Pallone said in a
statement.
Britain's data protection authority said it would work with
agencies in the United Kingdom and overseas to investigate the
matter.
"If UK citizens were affected, then we should have been
notified so that we could assess and verify the impact on people
whose data was exposed," James Dipple-Johnstone, deputy
commissioner of the UK Information Commissioner's Office, said
in a statement.
British law carries a maximum penalty of 500,000 pounds
($662,000) for failing to notify users and regulators when data
breaches occur.
"Deliberately concealing breaches from regulators and
citizens could attract higher fines for companies,"
Dipple-Johnstone said.
The stolen information included names, email addresses and
phone numbers of 57 million Uber users around the world, and the
names and license numbers of 600,000 US drivers, according to
a blog post by Uber's new chief executive, Dara Khosrowshahi,
who replaced co-founder Travis Kalanick as CEO in August.
Uber said it fired its chief security officer, Joe Sullivan,
and a deputy, Craig Clark, this week over their role in the
incident. Sullivan, formerly the top security official at
Facebook Inc and a federal prosecutor, served as both
security chief and deputy general counsel for Uber.
Sullivan declined comment. Clark could not be reached for
comment.
Kalanick, through a spokesman, declined to comment. The
former CEO remains on the Uber board of directors, and
Khosrowshahi has said he consults with him regularly.
A stream of executives have left Uber in recent months amid
controversies involving sexual harassment, data privacy and
business practices in Asia. The board removed Kalanick as CEO in
June.
London's transport regulator recently pulled Uber's
operating license, saying the company failed to deal with public
safety and security issues. Uber is appealing the decision.
The agency said on Wednesday it was seeking more information
about the breach.
"We are pressing them for the full details of what has
happened so that we can be satisfied that all the right
protections are in place for the personal data of drivers and
customers in London," a Transport for London spokesman said.
Uber said earlier this month it had struck an agreement to
allow Japan's SoftBank Group to invest up to $10
billion, most of it by buying shares from existing investors.
The final price has yet to be decided, and SoftBank could back
out if not enough Uber investors are willing to sell at the
right price.