The recent revelation that Silicon Valley based ride hailing firm Uber Inc. had concealed a major data breach that had supposedly affected close to fifty seven million users in 2016 is back to haunting them again.
It’s not the data breach that’s receiving a lot of flak, but what Travis and his crew at Uber supposedly did post the breach is. The top management at Uber Inc., post the data breach, apparently enlisted the help of a bunch of hackers to to destroy evidence that would have pointed the data breach to an outsider and got paid to the tune of a hundred thousand USD.
These latest set of revelations are not just a chink in Uber’s armour but in the laws as well as the legal system of states too, surrounding the required data breach disclosure practices. This destruction of evidence is surely going to be nightmare for the PR team at Uber of gargantuan proportions.
The Office of the New York State Attorney General, Eric Schneiderman, has decided to further investigate the supposed cover up by Uber Inc. post the publication of the Bloomberg report stating the same.
The currently ongoing Schneiderman investigation is not the first time that the Silicon Valley based firm has locked horns with the Attorney General. In aggressive pursuit of the expansion of its business operations, It has been flouting rules and laws for quite some time in cities as well as the whole state tangling up with both their legal bodies.
New York is no exception, with the current ongoing investigation. Earlier in 2016 Uber had managed to reach an agreement with Schneiderman’s office to settle the case called God View as well as the company’s failure to timely report an earlier data breach. Uber had been illegally abusing the private data of its users in a rider tracking system which they had very aptly named God View.
The terms of the the settlement were that Uber was to encrypt the rider geodata as well as institute a multi factor authentication system to verify the identity of anyone accessing rider data and make other standard security enhancements to protect consumer privacy.
The company had also agreed to the payment of a fine totalling twenty thousand USD for the earlier data breach mismanagement. The fine is paltry in size compared to that of the size of the company but the other security requirements do provide some closure to the users as well as state department.
The FTC, when approached for a comment regarding the latest Uber Inc. data breach, said that it did not have any comment to make. Uber’s earlier settlement with the FTC regarding the God View case also entailed the FTC to audit the firm’s stance on privacy and security for a timeline of twenty years.
The interest shown in Uber Inc. with the currently ongoing scandal by the New York Attorney General can eventually even lead to Uber being in the hot seat in its parent state of California too.
As per the laws in California, the Civil Code 1798.82 states that businesses are to disclose details of data breaches affecting more than 500 state residents to the Attorney General in the most expedient time possible and without unreasonable delay.