Uber failed to disclose a massive breach a year ago that exposed the data of some 57 million users of the ride-sharing service, the company's new chief executive officer says.
Several states, including Missouri, Massachusetts and NY, have opened investigations, and the city of Chicago sued Uber on Tuesday for failing to notify affected residents. Seven million drivers had their details stolen during the breach, alongside 50 million active Uber users. The ride-sharing firm also confirmed that it had paid the hackers responsible $100,000 to delete the data and keep the breach quiet. Now, after some further digging, it seems that 2.7 million of those affected were Uber customers from the UK.
In a statement released on Tuesday, the firm said that hackers made off with names, email addresses, and phone numbers of those affected in October 2016, adding that location history, credit card numbers and dates of birth were not obtained in the massive data breach.
Europe's data protection authorities can streamline their investigations into companies, something that is exceptional, but that has happened in big cases including the Yahoo data breach earlier this year.
Separately, prosecutors in the United States have heard that Uber may have hired ex-CIA intelligence operatives to conduct surveillance on its rivals.
The lawsuit filed Monday in Cook County Circuit Court contends Uber's failure to protect consumers' personal information violated city and state laws.
Trump's Christmas card says 'Merry Christmas,' Obama's never did
Home tree Home is located in the Blue room: it is decorated with gold and blue ribbons with ornaments of all US States. When @realDonaldTrump sees 'a lovely woman, [he] just start [s] kissing them.' I hear he doesn't 'even wait".
The data breach resulted in almost 11,000 Washington Uber drivers having their data compromised.
Uber recently landed in trouble because 57 million of its users had been hacked, and the company spent a bunch of money to deliberately hide that fact from the rest of the world.
Ferguson's lawsuit is the first from a state, although attorneys general in New York, Missouri, Massachusetts, Connecticut and IL have begun investigations, and the city of Chicago and Cook County have filed a lawsuit.
Under current British law organisations which fail to disclose data breaches to regulators face a maximum fine of up to 500,000 pounds.
"We are monitoring the affected accounts and have flagged them for additional fraud protection", the company said.