Uber's 2016 Breach Affected More Than 20 Million US Users

An anonymous reader quotes a report from Bloomberg: A data breach in 2016 exposed the names, phone numbers and email addresses of more than 20 million people who use Uber's service in the U.S., authorities said on Thursday, as they chastised the ride-hailing company for not revealing the lapse earlier. The Federal Trade Commission said Uber failed to disclose the leak last year as the agency investigated and sanctioned the company for a similar data breach that happened in 2014. "After misleading consumers about its privacy and security practices, Uber compounded its misconduct," said Maureen Ohlhausen, the acting FTC chairman. She announced an expansion of last year's settlement with the company and said the new agreement was "designed to ensure that Uber does not engage in similar misconduct in the future."

In the 2016 breach, intruders in a data-storage service run by Amazon.com Inc. obtained unencrypted consumer personal information relating to U.S. riders and drivers, including 25.6 million names and email addresses, 22.1 million names and mobile phone numbers, and 607,000 names and driver's license numbers, the FTC said in a complaint. Under the revised settlement, Uber could be subject to civil penalties if it fails to notify the FTC of future incidents, and it must submit audits of its data security, the agency said.

Re:

[ShanghaiBill]

no personal identifying information that could be used to create a false credit profile like SSN, DOB or physical address.

Even that is not a "data breach problem" but a "stupid financial industry policy problem". I should not be able to spend your money just because I know semi-public information such as your SSN and DOB.

Regulation

[Anonymous Coward]

This is why we need regulations for our personal data - European types of regulations.

Businesses prove time and time again that they are incapable and unwilling to protect our information.