Free tools and resources for Data Protection Officers!

Tag Archives for " Uber "

Uber fined €400,000 in France over data breach

Uber in France has been hit with a €400,000 fine by the country’s data protection watchdog in response to a major data breach the company experienced in 2016.

The Commission Nationale de l’information et des Liberties (CNIL) said 1.4 million customers of Uber France SAS were impacted by the breach and said it could have been prevented if the company had implemented “basic security measures”.

Full article: Uber fined €400,000 in France over data breach

Uber fined $148m for failing to notify drivers they had been hacked

Uber will pay $148m and tighten data security after the ride-hailing company failed for a year to notify drivers that hackers had stolen their personal information, according to a settlement announced on Wednesday.

The company reached the agreement with all 50 states and the District of Columbia after a vast data breach in 2016. Instead of reporting it, Uber hid evidence of the theft and paid ransom to ensure the data wouldn’t be misused.

Source: Uber fined $148m for failing to notify drivers they had been hacked | Technology | The Guardian

Uber to share its London data in latest charm offensive

Uber is fighting to keep its 40,000 drivers operating on the roads of Britain’s capital city, its most important European market, after Transport for London (TfL) deemed it not “fit and proper” to run a taxi service, in a move which it is appealing.

The Silicon Valley firm has announced a number of changes to its business model in recent months including the introduction of 24/7 telephone support and the proactive reporting of serious incidents to London’s police.

Source: Uber to share its London data in latest charm offensive

Uber faces potential $13.5 million lawsuit over data breach

Uber is facing another lawsuit over the massive 2016 data breach. This time, it’s from Pennsylvania Attorney General Josh Shapiro, who alleges Uber violated the state’s data breach notification law.

Shapiro specifically alleges Uber violated the Pennsylvania Breach of Personal Information Notification Act, which requires companies to notify people impacted by a data breach within a reasonable amount of time. That specific law enables the Attorney General’s office to seek up to $1,000 for each violation.

Source: Uber faces potential $13.5 million lawsuit from Pennsylvania attorney general over data breach | TechCrunch

Bug allows hackers to bypass Uber’s two-factor authentication ‘expected behavior’

As reported by our sister site ZDNet, Uber has formally acknowledged a bug in its two-factor authentication method, while at the same time saying it didn’t require an immediate solution.

Security researcher Karan Saini, who filed a bug with Uber’s bug bounty program, reached out to ZDNet after the bug was rejected. Uber’s response? It was “informative,” meaning “This report contained useful information but did not warrant an immediate action or a fix.”

Source: Uber calls bug allowing hackers to bypass two-factor authentication ‘expected behavior’ – TechRepublic

Uber paid $100,000 to keep data breach secret

A 20-year-old Florida man was responsible for the large data breach at Uber Technologies Inc last year and was paid by Uber to destroy the data through a so-called “bug bounty” program normally used to identify small code vulnerabilities, three people familiar with the events have told Reuters.

Source: Exclusive: Uber paid 20-year-old Florida man to keep data breach secret – sources

Teralytics wants to tap telcos’ big data to help cities get smarter about Uber and Lyft

Big data is an expansive umbrella with startups of all stripes squatting under it. Even as the most successful and powerful data miners of the modern web are undoubtedly the dominant consumer platforms — Google, Facebook, Apple and Amazon in the West, and China’s WeChat in Asia — whose vast digital empires yield them both quantity and quality of data to use as they please.

Source: Teralytics wants to tap telcos’ big data to help cities get smarter about Uber and Lyft | TechCrunch

Key New Takeaways from Uber’s Privacy and Data Security Settlement with the FTC

On August 15, 2017, the Federal Trade Commission (FTC) announced that it had reached an agreement with Uber Technologies to settle allegations that the ride-sharing company had deceived consumers by failing to live up to its privacy and data security promises. 1 Specifically, the FTC levied two deception counts against Uber: (1) that the company had failed to consistently monitor and audit internal access to consumers’ personal information, despite public promises to do so; and (2) that the company had failed to provide reasonable security for consumers’ personal information stored in its databases, despite its security promises.

Source: Key New Takeaways from Uber’s Privacy and Data Security Settlement with the FTC

>