There's a 'high chance' that Uber's failure to disclose its hack was illegal

Uber CEO Dara Khosrowshahi

  • Uber revealed on Tuesday that it had covered up a data breach that took place in 2016, affecting 57 million users.
  • The company failed to tell authorities around the world and reportedly paid $100,000 to the hackers to cover up the breach, which included names, emails, and phone numbers.
  • UK authorities have said British users were affected, but haven't publicised numbers yet.
  • The UK's digital minister Matt Hancock said the company probably broke the law — the most damning statement yet from the government.

 

The questions are piling up on Uber about a data breach that put at least 57 million users at risk, and specifically why it didn't tell anyone.

The ride-hailing company is now under investigation in the US, UK, and other countries for failing to disclose the hack to authorities, and for allegedly paying hackers $100,000 to cover up the breach.

Now the UK's digital minister Matt Hancock has given the most damning official statement yet on the breach, by suggesting the company broke the law by failing to disclose.

Hancock made the comments in Parliament on Thursday. Asked by Labour MP Kevin Brennan whether Uber had broken the law in relation to the breach, Hancock responded: "[Kevin Brennan] asked whether this is illegal under current UK law, that of course is matter for the courts but I think there's a very high chance that it is."

Neither Hancock nor Brennan went into further detail.

Uber did not specifically respond to Hancock's comments, but said in a statement: "We are in the process of notifying various regulatory and government authorities and we expect to have ongoing discussions with them. Until we complete that process we aren't in a position to get into any more details."

Hancock added that it's an "aggravating factor" if a company gets hacked but doesn't tell authorities immediately. That can potentially lead to higher fines, though in the case of the UK's data authority, that's only a maximum of £500,000.

"Delaying notification is not acceptable," Hancock said.

The UK's data watchdog, the Information Commissioner's Office, has already said it would investigate the breach.

We still don't know how many British users were affected

The ICO has confirmed British users were affected by the hack, but hasn't yet given an estimate on how many.

According to Hancock, Uber has handed over information on how many of its UK users were affected by the hack.

But he said the government didn't fully trust the figures.

He said: "In terms of the number, we do not have sufficient confidence in the number we have been told by Uber to go public. We're working with the [National Cyber Security Centre] to have more confidence in that figure."

Hancock pointed out that the number of customers affected by the hack on US consumer data giant Equifax turned out to be bigger than originally estimated. The government plans to publish its findings in "a matter of days."

It also turns out that the government only found out about the hack from media reports on Tuesday, with Uber giving statements to the press before speaking to UK authorities, Hancock said.

"Uber had failed to tell the UK authorities before they spoke to the media," he said.

"As far as we can tell, it was not a hack perpetrated in the UK. Our role is therefore to at this stage is to understand how UK citizens were affected. We are working with the ICO and the NCSC, and they are talking to the [Federal Trade Commission] and others to get to the bottom of this."

Hancock added that it currently looked unlikely that any of the stolen information could be used to steal customers' money.

"At this stage, our initial assessment for Uber customers ... the stolen information is not the sort of information that would allow direct financial crime."

Join the conversation about this story »

NOW WATCH: This animation shows how terrifyingly powerful nuclear weapons have become



Contributer : Tech Insider http://ift.tt/2zuimnr
There's a 'high chance' that Uber's failure to disclose its hack was illegal There's a 'high chance' that Uber's failure to disclose its hack was illegal Reviewed by mimisabreena on Thursday, November 23, 2017 Rating: 5

No comments:

Sponsor

Powered by Blogger.