Share

Uber faces EU-wide privacy probes into hidden hacking attack

Luxembourg - Uber faces privacy probes across the European Union from regulators who vowed to look into the huge data breach that the company hid for more than a year after hackers stole vast amounts of personal data about customers and drivers.

EU data protection officials from the 28-nation bloc will discuss the incident and its privacy implications at a regular meeting in Brussels next week, the head of the so-called Article 29 Working Party said in a statement on Thursday.

Multiple regulators in Europe earlier already vowed to start an investigation, with Italy’s data protection chief speaking of an “obvious lack of adequate security measures” at the ride-hailing company.

“We can only express our deep concern about the breach,” Antonello Soro, president of the Italian authority, said in a statement on its website on Wednesday. “We have opened an investigation and we are collecting all the useful elements to assess the extent of the data breach and the actions to be taken to protect any Italian citizens involved.”

Hackers stole the personal data of 57 million customers and drivers from Uber, a major breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100 000 payment to the attackers.

Phone numbers

Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday.

The personal information of about 7 million drivers was accessed as well, including some 600 000 US driver’s license numbers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.

At the time of the incident, Uber was negotiating with US regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken.

Instead, the company paid hackers to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.

A spokesperson from Uber said the company is in the process of notifying various regulatory and government authorities.

The Dutch privacy watchdog, Uber’s lead regulator in Europe, the Spanish and the British agencies also said they are reviewing the incident.

The Netherlands regulator said that Uber, which has its European base in the nation, has informed it of the hack. “As we do with every data breach report, we will look into this report very thoroughly,” its spokesperson Frederique Hermie said in an email.

While some European watchdogs’ fining powers are minimal, most of the current 28 EU regulators have no powers to levy penalties at all. This will change in May 2018, when data protection authorities across the bloc will get the same powers to fine companies, including US firms, as much as 4% of annual sales.

"Deliberately concealing breaches from regulators and citizens could attract higher fines for companies,” James Dipple-Johnstone, deputy commissioner of the UK Information Commissioner’s Office, said in an emailed statement. He said the data breach raised “huge concerns around its data protection policies and ethics.”

* Sign up to Fin24's top news in your inbox: SUBSCRIBE TO FIN24 NEWSLETTER

We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
18.94
-0.9%
Rand - Pound
24.10
-0.9%
Rand - Euro
20.59
-0.7%
Rand - Aus dollar
12.42
-0.9%
Rand - Yen
0.13
-0.8%
Platinum
915.75
-0.8%
Palladium
1,028.36
-3.5%
Gold
2,159.96
+0.2%
Silver
25.03
-0.6%
Brent Crude
85.34
-0.1%
Top 40
66,252
0.0%
All Share
72,431
0.0%
Resource 10
53,317
0.0%
Industrial 25
100,473
0.0%
Financial 15
16,622
0.0%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders