Senators Press Uber for More Details on Data Breach
Uber must respond by Dec. 11 to questions about its recent data breach (see 1711220029) and allegations it paid hackers $100,000 to quash the stolen information, said a letter sent Monday to CEO Dara Khosrowshahi by chairs of the Senate…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Commerce Committee and its Consumer Protection subcommittee and Senate Finance and its Social Security subcommittee. Sen. Mark Warner, D-Va., ranking member of the Banking Subcommittee on Securities, wants Uber to explain why it didn't employ more "robust access management mechanisms, including strong multi-factor authentication, enabled to prevent unauthorized access to passenger and driver data," in a letter sent Monday to Khosrowshahi. "Our goal is to understand what steps Uber has taken to investigate what occurred, restore and maintain the integrity of its systems, and identify and mitigate potential consumer harm and identity theft-related fraud against Federal programs," said the letter signed by Republican Sens. John Thune, S.D., also chair of the Commerce Committee; Jerry Moran, Kan.; Orrin Hatch, Utah; and Bill Cassidy, La. The letter asks Uber when it first learned that hackers accessed consumer information; how many consumers and drivers were affected; what was done to provide notice of the breach; what types of data were compromised; whether payments were made to hackers and if so who authorized payments and how were they made; and what steps have been taken, other than monitoring services, to further protect customers from harm from the incident. The letter asks for a detailed timeline of the data breach occurrence and confirmation that customers' Social Security numbers were not obtained by hackers or in any way compromised.