Authorities in the UK are investigating a hack suffered by Uber, which exposed the data of more than 50 million users from across the world.
The Independent Commissioner’s Office (ICO), an independent body established to uphold information rights, released a statement noting how Uber’s concealed data breach raised “huge concerns around its data protection policies and ethics”.
James Dipple-Johnstone, the ICO’s deputy commissioner said in the statement: “It’s always the company’s responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers. If UK citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed.
“We’ll be working with the NCSC plus other relevant authorities in the UK and overseas to determine the scale of the breach, how it has affected people in the UK and what steps need to be taken by the firm to ensure it fully complies with its data protection obligations.
“Deliberately concealing breaches from regulators and citizens could attract higher fines for companies,” the statement concludes.
A spokesperson for the National Cyber Security Centre (NCSC) also highlighted the need for companies to report cyber attacks.
“The more information a company shares in a timely manner, the better able we are to support them and prevent others falling victim.
“We are working closely with other agencies including the NCA and ICO to investigate how this breach has affected people in the UK and advise on appropriate mitigation measures.
“Based on current information, we have not seen evidence that financial details have been compromised,” they added.
The breach took place last year and was concealed by Uber, which paid hackers $100,000 (£75,000) to erase all the stolen data, which included names, email address and phone numbers.
It’s believed that the personal information of approximately 7 million drivers was also accessed – including US driver license numbers. Social security numbers and credit card details have not been comprised, Uber said.
A few days ago, Uber ousted its chief security officer Joe Sullivan and one of his deputies for their reported involvement in concealing the hack.