Uber data breach: British customers feared affected after firm failed to notify UK authorities
Uber faces increased scrutiny and has been warned by British authorities that it may face higher fines.
Uber reportedly failed to alert British authorities about the massive data breach it suffered in 2016, Downing Street said. Uber confirmed the breach, which exposed the personal information, such as names, phone numbers and email addresses of around 57 million customers and drivers across the world.
British security services as well as the Information Commissioner's Office are reportedly still investigating the scale of the damage caused by the hack and have warned Uber that it could face higher fines. Uber reportedly said that it was still unable to confirm how many British customers' data may have been compromised as a result of the hack.
The Guardian reported that Prime Minister Theresa May's official spokesperson said, "These are obviously concerning reports and the National Cyber Security Centre is working closely with domestic and international agencies, including the National Crime Agency and the Information Commissioner's Office, to investigate if and how this breach has affected people in the UK.
"It is a worldwide incident and it is unclear at this stage which countries were affected by the hack. What we do know is, based on current information, we have not seen evidence that financial details have been compromised."
Uber reportedly paid off the hackers with a $100,000 (£75,000) ransom, which the firm disguised as a bug bounty program, to ensure that the hackers deleted the stolen data and refrained from divulging Uber's lacking security.
The Information Commissioner's Office reportedly said that Uber's secrecy about the breach "raises huge concerns around its data protection policies and ethics".
"It's always the company's responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers," said deputy commissioner James Dipple-Johnstone, The Guardian reported.
A spokesperson for the National Cyber Security Agency (NCSC), GCHQ's cyber arm, reportedly said that companies must report cyberattacks "immediately".
"We are working closely with other agencies including the NCA and ICO to investigate how this breach has affected people in the UK and advise on appropriate mitigation measures," the NCSC spokesperson said, The Guardian reported.
Given the global nature of the breach, Uber is now facing increased scrutiny from various governments. Australia and Philippines joined the US and the UK in launching investigations into Uber after the firm announced the details of the historic breach.