The FTC is looking into Uber's latest data breach

As are a number of states and agencies in other countries.

Getty Images

This week, Uber revealed that a security breach that happened in October of 2016 exposed personal data from around 57 million customers and drivers. But rather than inform the affected individuals, the company instead chose to pay off the hackers that stole the data in order to keep them quiet. Now, Reuters reports that the FTC is looking into the data breach and Uber's subsequent mishandling of the situation. An agency spokesperson told Reuters, "We are aware of press reports describing a breach in late 2016 at Uber and Uber officials' actions after that breach. We are closely evaluating the serious issues raised."

But here's the thing, the FTC just wrapped up an investigation into the company over issues with how it managed its security. The agency determined that Uber didn't adequately protect data and misrepresented how secure that data actually was. Part of Uber's settlement with the FTC over that investigation included an agreement to undergo third-party privacy audits every two years for the next two decades and a promise that it would no longer misrepresent how it monitors, protects and secures consumers' personal information. At the time that settlement was announced, Uber said in a statement, "We've significantly strengthened our privacy and data security practices since then and will continue to invest heavily in these programs. [...] This settlement provides an opportunity to work with the FTC to further verify that our programs protect user privacy and personal information."

That settlement was announced in August of this year. "It appears they violated the FTC consent order before the ink was dry on it," former cybercrime prosecutor Ed McAndrew told CNET. "At the very time they were negotiating a consent order with the FTC, they were knowingly not disclosing it."

Along with the FTC, Uber could also be investigated by several states, laws from which it violated when it didn't disclose the breach to its customers. Reuters reports that at least six states' attorneys general offices have said they'll be looking into the issue as will authorities in the UK, Australia and the Philippines. An Uber spokesperson told CNET, "We've been in touch with several state attorney general offices and the FTC to discuss this issue, and we stand ready to cooperate with them going forward."