After a data breach exposed information about 57 million user accounts and Uber covered it up (including paying hackers a ransom), multiple regulators criticized Uber’s response.
The FTC said it was “closely evaluating the serious issues raised.”
The New York Attorney’s General office said it opened an investigation of Uber’s actions. The Massachusetts Attorney General reported “serious concerns” about Uber’s conduct. Attorneys general in New York, Illinois, and Connecticut also opened investigations, as did the city of Portland, Oregon.
The UK Information Commissioner’s Office pointed out that “Deliberately concealing breaches from regulators and citizens could attract higher fines.” Current British law imposes penalties up to 500,000 pounds for failing to notify users and regulators about data breaches. More than 2.7 million UK users were affected.
Mexico’s National Institute of Transparency, Access to Information and Protection of Personal Data also criticized the breach and Uber’s response, seeking information about effects on Mexican citizens.
In addition, Uber faced three class action lawsuits alleging that it was negligent in its failure to protect consumer data.