30 November, 2017
"When [the breach] happened, we took immediate steps to secure the data, shut down further unauthorised access, and strengthen our data security", the company added.
In a letter to Uber CEO Dara Khosrowshahi, the senators questioned whether Uber followed its internal incident response plan and whether it appropriately disclosed a data breach that reportedly compromised the personal information of 57 million customers.
Because Washington's data breach law does not define "personal information" as including names, email addresses, and telephone numbers, the complaint filed by Washington Attorney General Bob Ferguson relates only to the Uber drivers residing in Washington.
Violations carry fines of up to US$2,000, and Ferguson said each day Uber failed to notify each customer constitutes a violation.
The data regulator, the Information Commissioner's Office (ICO), has said it was yet to receive technical reports on the incident and called on the company to alert affected customers as soon as possible.More news: Texas State Trooper Shot, Killed in Freestone County
The revelation also comes as Uber battles to overturn a decision by London's transport regulator in September to revoke its operating license. "Uber needs to urgently confirm which of their customers are affected, what is being done to ensure these customers don't suffer adversely, and what action is being taken to prevent this happening again in the future". When trying to take on USA giants such as Google (googl) and Facebook (fb) over their flouting of European privacy law, the regulators learned a few years ago that it was best to coordinate their investigations for maximum impact.
Uber has been forced to quit several countries, including Denmark and Hungary, and faced regulatory battles in multiple US states and around the world.
The latest blow comes after months of controversies for Uber, from allegations of sexism and harassment to its lawsuit with Google's Waymo and an exodus of top executives, including its founder Travis Kalanick.
According to The Chicago Tribune, Uber disclosed the data breach last week and said the company paid out $100,000 in an effort to silence hackers from exposing the breach to the public. "And I will not make excuses for it".