Uber admits covering up data breach involving 57 mn users


San Francisco, Jul 26 (IANS): Uber has admitted that it covered up a massive data breach in 2016 that exposed data pertaining to approximately 57 million users and 600,000 drivers' license numbers.

The ride-hailing platform has entered a non-prosecution agreement with federal prosecutors to resolve a criminal investigation into the coverup of a significant data breach suffered by the company in 2016, according to the US Department of Justice.

As part of a non-prosecution agreement to resolve the investigation, Uber admitted concealing its 2016 data breach from the Federal Trade Commission (FTC), which at the time of the 2016 breach had a pending investigation into the company's data security practices.

"Uber admits that its personnel failed to report the November 2016 data breach to the FTC despite a pending FTC investigation into data security at the company," the Justice Department said in a statement.

The hackers responsible for the Uber breach used stolen credentials to access a private source code repository and obtain a private access key.

The hackers then used that key to access and copy large quantities of data associated with Uber's users and drivers.

The breach was not reported to the FTC until approximately a year later, when new executive leadership was managing the company, revealed the Justice Department.

Uber settled civil litigation with the attorneys general for all 50 States and the District of Columbia related to the 2016 data breach, paying $148 million and agreeing to implement a corporate integrity programme.

Recently, a leaked trove of internal Uber documents revealed that the ride-hailing platform allegedly broke laws and secretly lobbied governments to expand globally.

 

  

Top Stories


Leave a Comment

Title: Uber admits covering up data breach involving 57 mn users



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.