Dive Brief:
- Uber has agreed to expand upon its settlement with the Federal Trade Commission (FTC) regarding customer deception about its privacy and data security policies, according to an FTC announcement on Thursday. Each violation of an issued consent order from the FTC can result in a civil penalty of up to $41,484. The ride-sharing company faced charges over how it monitored employee access to its users' personal data and for "failing to reasonably secure" data in a third-party cloud.
- In November it was disclosed that Uber also tried to cover up a 2016 data breach that was "strikingly similar" to its 2014 breach, according to the announcement. If the FTC finds the company is "misleading" its customers about their privacy, it could result in additional requirements or civil penalties.
- The original settlement was reached in August 2017 and entailed the Silicon Valley company agreeing to "implement a comprehensive privacy program" and conduct independent audits. The new revisions require Uber to submit such audits to the FTC.
Dive Insight:
Uber has faced a lot of scrutiny in recent years for the actions of its former CEO and complaints of sexual harassment, but the ride-sharing company also stood out for its decision to pay hackers $100,000 to mask the 2016 breach and delete the accessed data.
Uber reportedly learned of the breach in 2016, but the public was not notified until a year later. Hackers used an access key of an Uber engineer "posted on a code-sharing website," according to the FTC.
About 57 million users of the app and 600,000 drivers had their data compromised. Names, driver's license numbers, email addresses and phone numbers were among the data hackers obtained.
Breaches highlight a company's shortcomings in cybersecurity and are usually a result of compromised authentication, outdated software or a lack of adequate talent on staff. But recent breaches — such as Delta and Sears — left companies scrambling after a vendor was hacked.
Uber, however, cannot blame the security of its third-party cloud provider. An employee within the company essentially handed hackers the tool to gain entry to its cloud storage and unencrypted files, a red flag on its own. The FTC views this as negligence toward consumers' privacy protection.