Latest in Gear

Image credit:

The FTC is looking into Uber's latest data breach

As are a number of states and agencies in other countries.
Share
Tweet
Share

Sponsored Links

Getty Images

This week, Uber revealed that a security breach that happened in October of 2016 exposed personal data from around 57 million customers and drivers. But rather than inform the affected individuals, the company instead chose to pay off the hackers that stole the data in order to keep them quiet. Now, Reuters reports that the FTC is looking into the data breach and Uber's subsequent mishandling of the situation. An agency spokesperson told Reuters, "We are aware of press reports describing a breach in late 2016 at Uber and Uber officials' actions after that breach. We are closely evaluating the serious issues raised."

But here's the thing, the FTC just wrapped up an investigation into the company over issues with how it managed its security. The agency determined that Uber didn't adequately protect data and misrepresented how secure that data actually was. Part of Uber's settlement with the FTC over that investigation included an agreement to undergo third-party privacy audits every two years for the next two decades and a promise that it would no longer misrepresent how it monitors, protects and secures consumers' personal information. At the time that settlement was announced, Uber said in a statement, "We've significantly strengthened our privacy and data security practices since then and will continue to invest heavily in these programs. [...] This settlement provides an opportunity to work with the FTC to further verify that our programs protect user privacy and personal information."

That settlement was announced in August of this year. "It appears they violated the FTC consent order before the ink was dry on it," former cybercrime prosecutor Ed McAndrew told CNET. "At the very time they were negotiating a consent order with the FTC, they were knowingly not disclosing it."

Along with the FTC, Uber could also be investigated by several states, laws from which it violated when it didn't disclose the breach to its customers. Reuters reports that at least six states' attorneys general offices have said they'll be looking into the issue as will authorities in the UK, Australia and the Philippines. An Uber spokesperson told CNET, "We've been in touch with several state attorney general offices and the FTC to discuss this issue, and we stand ready to cooperate with them going forward."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

The Arcwave Ion is designed to 'give men a female orgasm'

The Arcwave Ion is designed to 'give men a female orgasm'

View
The Morning After: Our first impressions of the Xbox Series X

The Morning After: Our first impressions of the Xbox Series X

View
iOS 14 review: Finally rid of the grid

iOS 14 review: Finally rid of the grid

View
Scientists find evidence of multiple underground lakes on Mars

Scientists find evidence of multiple underground lakes on Mars

View
Atari VCS backers should get their consoles 'very soon'

Atari VCS backers should get their consoles 'very soon'

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr