Senators Press Uber for More Details on Data Breach

Commerce Committee and its Consumer Protection subcommittee and Senate Finance and its Social Security subcommittee. Sen. Mark Warner, D-Va., ranking member of the Banking Subcommittee on Securities, wants Uber to explain why it didn't employ more "robust access management mechanisms, including strong multi-factor authentication, enabled to prevent unauthorized access to passenger and driver data," in a letter sent Monday to Khosrowshahi. "Our goal is to understand what steps Uber has taken to investigate what occurred, restore and maintain the integrity of its systems, and identify and mitigate potential consumer harm and identity theft-related fraud against Federal programs," said the letter signed by Republican Sens. John Thune, S.D., also chair of the Commerce Committee; Jerry Moran, Kan.; Orrin Hatch, Utah; and Bill Cassidy, La. The letter asks Uber when it first learned that hackers accessed consumer information; how many consumers and drivers were affected; what was done to provide notice of the breach; what types of data were compromised; whether payments were made to hackers and if so who authorized payments and how were they made; and what steps have been taken, other than monitoring services, to further protect customers from harm from the incident. The letter asks for a detailed timeline of the data breach occurrence and confirmation that customers' Social Security numbers were not obtained by hackers or in any way compromised.