• Uncategorised

Uber will expand settlement with FTC after 2016 data breach

Uber has agreed to new terms of an FTC settlement after failing to announce a breach for more than a year.

Sarah Tew/CNET

Uber has agreed to expand the terms of its settlement with the US Federal Trade Commission after announcing a major breach in 2017. The ride-sharing company originally had a settlement with the FTC last August, agreeing to 20 years of audits after allegations that Uber made deceptive claims about its privacy and data security. That original agreement also required Uber to start a new privacy program.

The FTC decided to revisit that settlement after the company announced last November that hackers stole data on 57 million users and drivers. The breach, which originally happened in October 2016, had been covered up for more than a year because Uber paid the thieves £100,000 to delete the information. “After misleading consumers about its privacy and security practices, Uber compounded its misconduct by failing to inform the Commission that it suffered another data breach in 2016 while the Commission was investigating the company’s strikingly similar 2014 breach,” acting FTC Chairman Maureen Ohlhausen said in a statement.

Under the new terms of Uber’s settlement with the FTC, the ride-sharing company will now be required to provide records of Uber’s bug bounty reports related to vulnerabilities affecting consumer data.

Uber will also now have to provide to the FTC all reports from third-party audits, rather than just the first assessments, according to the new terms.

“I am pleased that just a few months after announcing this incident, we have reached a speedy resolution with the FTC that holds Uber accountable for the mistakes of the past by imposing new requirements that reasonably fit the facts,” Uber’s chief legal officer Tony West said in a statement.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.