The way the company handled the breach might be in violation of data breach disclosure laws.
Hackers stole the personal data of 57 million Uber riders in 2016, and the company paid the cybercriminals $100,000 to keep the data breach under wraps, according to a blog post published by Uber and a story by Bloomberg.
As fallout from the breach, this week Uber has fired its chief security officer.
“Two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use,” Uber’s CEO Dara Khosrowshahi wrote in the blog. “None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”
As fallout from the breach, this week Uber has fired its chief security officer.
In addition to being yet another public relations nightmare for Uber, the way the company handled the breach might be in violation of data breach disclosure laws, and might prompt an investigation from the Federal Trade Commission.