Uber Fined $20,000 for Not Reporting Data Breach


January 12, 2016. Written by Natalie Rutledge

On January 7, Uber was fined $20,000 by the New York Attorney General’s office for failing to report a September 2014 data breach. In addition to the fine, Uber had to agree to make security changes.

Uber collects and stores the personal information of both drivers and riders. Riders provide their names, email addresses, phone numbers and payment card information. Drivers provide that data plus their driver’s license numbers, vehicle registration and insurance information. Additionally, the ride-hailing app company stores the geographic location of riders and drivers.

New York’s Attorney General Eric Schneiderman began investigating the company in November 2014 to determine how it collected, stored and disclosed personal information.

Making things worse for Uber, the company waited until February 2015 to report that an unauthorized third party had accessed its driver names and license numbers in September 2014.

Schneiderman is satisfied with the recent penalties and Uber’s promise to improve its security practices.

“This settlement protects the personal information of Uber riders from potential abuse by company executives and staff, including the real-time locations of riders in an Uber vehicle,” said Schneiderman. “I strongly encourage all technology companies to regularly review and amend their own policies and procedures to better protect their customers’ and employees’ private information.”

Some of the changes Uber has agreed to make are encrypting the geo-location of riders and requiring multi-factor authentication before an employee can view “especially sensitive” rider information. Certain Uber employees will oversee the privacy and security program and conduct security training.

Tim Erlin, director of IT security and risk strategy at Tripwire, told TopTechNews that this settlement will help to protect rider and driver personal information.

“Many of the reforms amount to industry best practices, like employing multi-factor authentication and employee training. Unfortunately, best practice often isn’t common practice,” Erlin said. “Any organization experiencing rapid growth and expansion can find itself with entrenched, habitual processes that might not meet the legal requirements of their newly expanded identity. It’s important for organizations to regularly review the information security requirements to which they might be subject as their business expands.”



The information contained within this article was accurate as of January 12, 2016. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.



About Natalie Rutledge

Natalie Rutledge majored in Communications at Mississippi State University. She was in sales for a number of businesses and spent nine years working as a communications advisor to various entities. Natalie can be contacted directly at natalie@lowcards.com