Governments in several countries have opened investigations into Uber after the company revealed that it covered a breach that exposed data of 57 million people, including customers and drivers, in the latest scandal to hit the urban-to-urban transport company.
Authorities in the United Kingdom and the United States, two of Uber’s major markets, as well as Australia and the Philippines announced Wednesday that they will investigate the company’s response to data breach.
Uber said that by the end of 2016 it paid $ 100,000 for hackers to destroy data stolen from more than 57 million customers and drivers. The company did not disclose the incident to victims or to authorities.
The stolen information included names, email addresses, and Uber user phone numbers, as well as names and license numbers of 600,000 US drivers. Uber’s chief executive, Dara Khosrowshahi, acknowledged that the company made a mistake in dealing with the breach during the management of former CEO, co-founder Travis Kalanick.
US parliamentarians called for hearings in Congress and the Federal Trade Commission (FTC) to consider the issue.
Uber said it is in contact with the FTC and several countries to discuss the attack last year, which exposed data on millions of customers and drivers.
“We contacted several attorneys general and the FTC to discuss this issue, and we are ready to cooperate with them in the future,” a Uber spokesman said by e-mail.
Attorneys General in at least four US states – Connecticut, Illinois, Massachusetts and New York – said they launched rape investigations.
“We have serious concerns about the reported conduct,” said Massachusetts Attorney General Maura Healey.
The FTC, which investigates companies accused of carelessness with consumer data, said it is reviewing the matter but declined to say whether it has launched a formal investigation.
“We have learned through reports that describe a violation in the end of 2016, the actions of Uber employees after this violation. We are closely evaluating the serious issues raised,” said a FTC spokeswoman.
The British data protection authority said it will work with local and overseas agencies to investigate the issue.
“If UK citizens were affected, then we should have been notified so we could assess and verify the impact on the people whose data were exposed,” said James Dipple-Johnstone, UK Deputy Commissioner for Information.