FTC Puts Uber on a Short Leash for Security Breaches
It’s not nice―or smart―to deceive the U.S. Federal Trade Commission, especially while you’re in negotiations with the agency over penalties it’s going to impose for previously being dishonest.
Last August, the ride-hailing company Uber entered into a consent agreement with the FTC regarding its supposedly “securely stored” and “closely monitored” (pdf) customer and driver information. Uber bragged that it was using “the most up-to-date technology and services to ensure that none of these are compromised,” and promised that information was “encrypted to the highest security standards available.”
Alas, the FTC found these claims were more chimera than reality. As a consequence of its lackadaisical security practices, Uber experienced a data breach in May 2014 that allowed attackers to access the names and driver’s licenses of 100,000 Uber drivers, along with many of the drivers’ bank accounts and Social Security numbers.