Home / Tech / Business / New York Attorney General Launches Investigation of Uber’s $100,000 Hack Cover-Up
Uber Hack Stock Photo (modified) - privacyriskreport.com

New York Attorney General Launches Investigation of Uber’s $100,000 Hack Cover-Up

The revelation that Uber concealed a major 2016 data breach affecting 57 million users and paid hackers to destroy the evidence is yet another PR nightmare from Uber’s darkest era, but it’s also a major problem when it comes to state laws around data breach disclosure practices.

Taylor Hatmaker | TechCrunch

In light of Bloomberg’s report, the office of New York State Attorney General Eric Schneiderman confirmed to TechCrunch that it has opened an investigation into the incident.

The new investigation won’t be the first time that Uber has tangled with Schneiderman. Flaunting laws over the course of its aggressive pursuit of growth, Uber often ran into conflict with city and state legal authorities, and New York is no exception. The company reached a settlement with Schneiderman’s office in January 2016 over its abuse of private data in a rider-tracking system known as “God View” and its failure to disclose a previous data breach that took place in September 2014 in a timely manner.

Given how far Uber strayed beyond the legal protocols that protect consumer data — and the unsettling twist that it actually paid off its own attackers — it’s likely that we’ll hear much more from state and federal authorities as they investigate a repeat offender that just can’t seem to learn a lesson.

As a result of the settlement, Uber was required to encrypt the geodata of its riders, employ a multi-factor authentication system to verify the identity of anyone accessing rider data and make other standard security enhancements to protect consumer privacy. Uber also agreed to pay a $20,000 fine for its failure to disclose the data breach. While that fine was hardly a bump in the road for such a massive tech company, the new security requirements imposed by the Attorney General offered a more robust reproach.

TechCrunch also reached out to the FTC about how it planned to handle news of the new Uber data breach, but the agency replied that it did not have a comment at this time. Earlier this year, Uber settled with the FTC around the “God view” tool and its failure to protect the private data of consumers in a previous data breach. Uber agreed to 20 years of privacy and security auditing as a result of the FTC settlement.

RELATED: Stories about ride-sharing companies and technology at LedeTree

Given the New York Attorney General’s interest in the latest Uber scandal, it follows that Uber will likely be in the hot seat in its home state of California, where under Civil Code 1798.82 businesses are required to disclose data breaches affecting more than 500 state residents to the Attorney General “in the most expedient time possible and without unreasonable delay.” TechCrunch has reached out to the office of California Attorney General Xavier Becerra and we’ll update when we hear back.

Given how far Uber strayed beyond the legal protocols that protect consumer data — and the unsettling twist that it actually paid off its own attackers — it’s likely that we’ll hear much more from state and federal authorities as they investigate a repeat offender that just can’t seem to learn a lesson.

Read the full story from TechCrunch

More technology stories at LedeTree

About Taylor Hatmaker

Taylor Hatmaker
Taylor is a technology writer & thinker with a deep interest in the spaces where tech, culture, and big ideas overlap. You can find her work at Tecca, Autostraddle, and now ReadWriteWeb. Her work has appeared on MSNBC.com, Mashable, io9, Jezebel, ABC, MyLifeScoop, USA Today.com and in the print edition of USA Today, among others.

Check Also

Flytrex Drone

North Dakota Golf Course is First to Have Food, Drink Delivery By Drone

Get in the Hole! Drone Delivery Comes to the Golf Course Is that a birdie? …

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.