Portland officers have demanded Uber flip over details about an enormous 2016 data breach the corporate did not disclose till final month.
The journey-hailing firm on Nov. 21 disclosed a 2016 data breach by which hackers accessed information that included info on its drivers and riders. It additionally admitted it had stored the incursion beneath wraps for greater than a yr, somewhat than alerting affected clients, regulators or regulation enforcement.
In a letter despatched to Uber’s CEO on Friday, Portland Commissioner Dan Saltzman stated Uber had violated the town’s code by withholding info on the breach, and he demanded extra info on what number of Uber drivers and clients had been affected within the metropolis.
Saltzman, who oversees the town’s transportation division, steered the failure to inform the town of the breach may be a violation of metropolis code, which requires corporations like Uber to guard private data and notify the town within the occasion of a breach.
And though Uber has been in scorching water with the town earlier than — for working illegally in Portland earlier than it was sanctioned, and later when it was disclosed that it used software program at that time to keep away from metropolis regulators — it has maintained that it is abided by the town code because it was amended to legalize Uber’s enterprise.
“Uber’s past actions in the City of Portland have been severely problematic,” Saltzman wrote within the letter to Dara Khosrowshahi, Uber’s chief government. “To learn now that Uber deliberately concealed a massive data breach involving both customer and driver information for a period of over a year adds to the already strained relationship the City has with Uber.”
Saltzman demanded that Uber flip over extra details about the breach, together with the variety of drivers and riders affected, its coverage on reporting safety breaches and assurances that it had not violated another metropolis laws or state legal guidelines since January 2016, when code legalizing Uber’s enterprise mannequin took impact.
An Uber spokesman declined to offer that info to The Oregonian/OregonStay, as an alternative offering a press release: “We take this matter very seriously and we are happy to answer any questions regulators may have. We are committed to changing the way we do business, putting integrity at the core of every decision we make, and working hard to re-gain the trust of consumers.”
Uber reported to the Oregon Department of Justice that 1,300 Oregon driver’s license numbers — presumably belonging to Uber drivers — had been accessed within the breach. Uber has contacted drivers instantly concerning the breach and provided a yr of credit score-monitoring service via the credit score bureau Experian.
The Justice Department stated it’s collaborating in a multi-state investigation involving the Uber breach.
It’s unclear what number of Uber riders in Oregon have been affected by the breach.
Uber stated 57 million customers worldwide may need had info uncovered, together with names, e-mail addresses and cell phone numbers. It stated riders’ journey location historical past, bank card numbers, checking account numbers, Social Security numbers or dates of delivery do not seem to have been accessed.
Portland already sparred with Uber this yr over the corporate’s use of the “Greyball” software program to keep away from regulators in 2014. The metropolis closed the investigation after discovering no wrongdoing since that time.
— Elliot Njus