FTC Expands Uber Privacy Settlement Over 2016 Data Breach - Clarip Privacy Blog

FTC Expands Uber Privacy Settlement Over 2016 Data Breach

The Federal Trade Commission will subject Uber to additional requirements during the 20 years of privacy audits it agreed to last year to resolve concerns over its handling of data privacy and security dating back to 2014.

According to the government, Uber failed to disclose the 2016 data breach affecting approximately 57 million riders and drivers to the FTC during the government’s investigation. Acting FTC Chairman Maureen K. Ohlhausen released a statement that criticized Uber for compounding its misconduct and said, “The strengthened provisions of the expanded settlement are designed to ensure that Uber does not engage in similar misconduct in the future.”


The revised settlement includes civil penalties for failure to notify the FTC of other privacy breaches, the submission of all third-party audits of the privacy program (rather than only the first report), and the retention of records from its bug bounty program.

In the 2016 data breach, intruders accessed consumer data stored on a third-party cloud provider’s servers using an access key that an Uber engineer had posted to a code-sharing website. The intruders downloaded files containing more than 25 million names and emails, 22 million mobile phone numbers, and 600,000 driver’s license numbers. Uber paid the intruders $100,000 through its bug bounty program.

The previous settlement was announced in August 2017 and related to Uber’s claims that it closely monitored employee access to rider and driver data, and that it deployed reasonable measures to secure personal information stored on a third-party cloud provider’s servers.
