Slashdot Mirror


Uber's 2016 Breach Affected More Than 20 Million US Users (bloomberg.com)

An anonymous reader quotes a report from Bloomberg: A data breach in 2016 exposed the names, phone numbers and email addresses of more than 20 million people who use Uber's service in the U.S., authorities said on Thursday, as they chastised the ride-hailing company for not revealing the lapse earlier. The Federal Trade Commission said Uber failed to disclose the leak last year as the agency investigated and sanctioned the company for a similar data breach that happened in 2014. "After misleading consumers about its privacy and security practices, Uber compounded its misconduct," said Maureen Ohlhausen, the acting FTC chairman. She announced an expansion of last year's settlement with the company and said the new agreement was "designed to ensure that Uber does not engage in similar misconduct in the future."

In the 2016 breach, intruders in a data-storage service run by Amazon.com Inc. obtained unencrypted consumer personal information relating to U.S. riders and drivers, including 25.6 million names and email addresses, 22.1 million names and mobile phone numbers, and 607,000 names and driver's license numbers, the FTC said in a complaint. Under the revised settlement, Uber could be subject to civil penalties if it fails to notify the FTC of future incidents, and it must submit audits of its data security, the agency said.

6 comments

  1. Who cares? by Anonymous Coward · · Score: -1

    How the heck is this a "data breach"?

    A data breach in 2016 exposed the names, phone numbers and email addresses of more than 20 million people who use Uber's service in the U.S.

    Names, phone numbers, and e-mail addresses? You mean, the lists you can buy from one of dozens of data brokers in the US for a pittance? THAT's what was "stolen" in a "data breach"? Hell, Google can match names to their corresponding phone numbers and e-mail addresses.

    No leaked passwords, no personal identifying information that could be used to create a false credit profile like SSN, DOB or physical address. No credit card numbers. No passwords (even hashed passwords). Just names, phone numbers, and e-mail addresses.

    That's so close to public-domain information these days that it hardly seems worth reporting on.

    I loathe Uber as a company - their policies, their attitude, their predatory approach to life. And getting breached at all is a very bad thing that reflects incredibly poorly on your company's practices. But come on - the Target breach this wasn't.

    1. Re:Who cares? by Anonymous Coward · · Score: 0, Informative

      You don't loathe Uber, that's an obvious lie.

    2. Re:Who cares? by ShanghaiBill · · Score: 0

      no personal identifying information that could be used to create a false credit profile like SSN, DOB or physical address.

      Even that is not a "data breach problem" but a "stupid financial industry policy problem". I should not be able to spend your money just because I know semi-public information such as your SSN and DOB.

  2. Regulation by Anonymous Coward · · Score: 1

    This is why we need regulations for our personal data - European types of regulations.

    Businesses prove time and time again that they are incapable and unwilling to protect our information.

    1. Re:Regulation by Anonymous Coward · · Score: -1

      Regulations bring the Democrat party to make our governments huge and destroy the ability of companies to profit off hard work and bootstraps. NO TO REGULATION.

  3. Obligatory... by Anonymous Coward · · Score: 0

    Zuck zucked up far worse.