The FTC is Investigating Uber’s Latest Data Breach

This week, Uber announced a security breach that happened in October of 2016 that exposed personal data from an estimated 57 million drivers and customers. However, rather than inform the affected users, the company opted to pay off the hackers that stole the data instead in order to keep them quiet. Currently, Reuters reports that the FTC is investigating the data breach and subsequent mishandling of Uber regarding the situation. A spokesperson from the agency informed Reuters: “We are aware of press reports describing a breach in late 2016 at Uber and Uber officials’ actions after that breach. We are closely evaluating the serious issues raised.”

However, here is the thing, the FTC recently wrapped up an investigation into the company regarding issues with how it handled ts security. The agency found out that Uber did not protect data adequately and misrepresented how secure the data actually was. Part of the settlement of Uber with the FTC over that investigation included an agreement to undergo third-party privacy audits every two (2) years for the next 20 years and a promise that it would no longer misrepresent how the company monitors, protects and secures the personal information of consumers. At the time that settlement was revealed, Uber said: “We’ve significantly strengthened our privacy and data security practices since then and will continue to invest heavily in these programs. […] This settlement provides an opportunity to work with the FTC to further verify that our programs protect user privacy and personal information.”

The settlement was announced in August. “It appears they violated the FTC consent order before the ink was dry on it,” former cybercrime prosecutor Ed McAndrew told CNET. “At the very time they were negotiating a consent order with the FTC, they were knowingly not disclosing it.”

With the FTC, Uber could also be examined by various states regarding laws from which violated when it did not disclose the breach to its users. Reuters reports that at least six states’ attorneys general offices have stated that they will be investigating the issue as will authorities in Australia, the United Kingdom, and the Philippines. A spokesperson from Uber informed CNET:  “We’ve been in touch with several state attorney general offices and the FTC to discuss this issue, and we stand ready to cooperate with them going forward.”