Skip navigation
Menu
Th Uber Technologies Inc. car service application (app) is displayed for a photograph on an Apple Inc. iPhone in New York, U.S., on Wednesday, Aug. 6, 2014. Photographer: Victor J. Blue
Security>Endpoint Protection

Uber Breach Exposed Names, Emails of More Than 20 Million Users

A data breach exposed the names, phone numbers and email addresses of more than 20 million users of the Uber Technologies Inc. online ride-hailing service, federal authorities said, as they chastised the ride-sharing company for not revealing the lapse earlier.

(Bloomberg) --A data breach exposed the names, phone numbers and email addresses of more than 20 million users of the Uber Technologies Inc. online ride-hailing service, federal authorities said, as they chastised the ride-sharing company for not revealing the lapse earlier.

The Federal Trade Commission said Uber failed to disclose the leak, which occurred in 2016, even as the agency investigated and sanctioned the company in 2017 for a similar data breach that happened in 2014.

“After misleading consumers about its privacy and security practices, Uber compounded its misconduct,” said Acting FTC Chairman Maureen Ohlhausen. She announced an expansion of last year’s settlement with the company and said the new agreement was “designed to ensure that Uber does not engage in similar misconduct in the future.”

In the latest breach, intruders to a data-storage service run by Amazon.com Inc. obtained unencrypted consumer personal information relating to U.S. riders and drivers, including 25.6 million names and email addresses, 22.1 million names and mobile phone numbers, and 607,000 names and driver’s license numbers, the FTC said in a complaint.

Under the revised settlement, Uber could be subject to civil penalties if it fails to notify the FTC of future incidents, and it must submit audits of its data security, the agency said.

Tumultuous Period

Uber went through a tumultuous period in which co-founder Travis Kalanick was ousted in June following accusations that the company created a hostile environment for female employees under his leadership. Dara Khosrowshahi became chief executive in August, and promised a transparent management style.

Uber disclosed the breach in November, more than a year after discovering it, the FTC said.

“I am pleased that just a few months after announcing this incident, we have reached a speedy resolution with the FTC that holds Uber accountable for the mistakes of the past by imposing new requirements that reasonably fit the facts,” Uber’s Chief Legal Officer Tony West said in an emailed statement.

TAGS: Compliance and Risk Management
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
Equifax Breach Displays Every Bad Security Practice
Sep 08, 2017
3D rendering of a smartphone and a key featuring a fingerprint design on its base
Is Passkey Authentication More Secure Than Traditional Passwords?
Feb 29, 2024
digital padlock icon
Ivanti Gets Poor Marks for Cyber Incident Response
Feb 13, 2024
the words spyware and a magnifying glass icon over an open eye
World Govs, Tech Giants Sign Spyware Responsibility Pledge
Feb 06, 2024