UPDATED 22:25 EDT / NOVEMBER 22 2017

INFRA

Uber faces multiple investigations as former CEO is linked to hacking cover-up

Uber Technology Inc.’s woes continue to go from bad to worse as authorities in four countries launched probes into Uber’s hacking and subsequent cover-up of a serious hacking last year of 57 million customer records.

Moreover, there are new claims that former Chief Executive Officer and current board member Travis Kalanick (pictured) authorized the payment to those responsible for the October 2016 data breach in order to keep it quiet.

Investigations have been launched in Britain, Australia, Philippines and multiple U.S. states on various legal grounds, the most common theme being Uber’s failure to disclose the hack for over one year.

According to Reuters, Britain’s data protection authority said on Wednesday that concealment of the data breach raises “huge concerns” about Uber’s data policies and ethics. “Deliberately concealing breaches from regulators and citizens could attract higher fines for companies,” a spokesperson said in a statement. Under British law, failing to notify users and regulators of a data breach can incur a penalty of up to £500,000 pounds ($662,000.)

In the U.S., Illinois, Missouri, Massachusetts, New York and Connecticut have announced that they are investigating the data breach and subsequent cover-up. In New York, one of Uber’s largest markets, the State Attorney General has opened an investigation into the data breach, with a spokesperson saying that New York law requires that companies notify the state attorney general and consumers if data is stolen.

In Massachusetts, Attorney General Maura Healey told local media that her office has launched an investigation into the Uber hack that and that they “have serious concerns about the reported conduct.” Healey added that they have requested documents and other information from the ride-hailing service and that her office is “keeping all criminal and civil options on the table.”

Along with the state investigations, multiple calls have been made for an investigation to be undertaken at a federal level. The Federal Trade Commission confirmed that it was “closely evaluating the serious issues” raised in Uber’s handling of the hack.

On yet another legal front, the first class-action lawsuit relating to the hack was filed Tuesday in federal court in Los Angeles. Damages are being sought on the grounds that “Uber failed to implement and maintain reasonable security procedures and practices appropriate to the nature and scope of the information compromised in the data breach.”

Responsibility for the cover-up was first pinned exclusively on now former Uber Chief Security Officer Joe Sullivan, but a report Tuesday from The New York Times claims that it was former CEO Travis Kalanick who ultimately gave approval to the conspiracy. It’s yet another knock on Kalanick, whose management style and practices were roundly criticized, in part for a culture marked by sexual harassment.

As further details of the cover-up emerge, security professionals are not holding back in their criticism of Uber’s actions. Shawn Burke, global chief security officer at Sungard Availability Services LP, told SiliconANGLE that “security professionals are supposed to lead by example and live by a code of ethics. Uber’s 13-month cover-up is not only criminal, it casts a shadow of doubt on those of us entrusted to protect valuable information and assets.”

Asher de Metz, security consulting manager also at Sungard Availability Services LP, added, “It’s a disgrace that the chief of security tried to hide this breach. It’s illegal and immoral. They left their drivers and customers unaware of this breach for a year.”

Citing the forthcoming introduction of the European Union General Data Protection Regulation in 2018, Simon Townsend, a chief technologist at Ivanti Inc., said the regulation “will mean that all organizations that deal with EU citizens’ data will need to report a breach within 72 hours or risk being fined up to 4 percent of their annual turnover. Considering that Uber’s revenue last year came to $6.5 billion, they’d be at risk of being fined $260 million.”

Photo: heisenbergmedia/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU