Uber has been warned it faces “higher fines” for keeping a major hack of the details of 57 million users and drivers under wraps.
Investigators are currently working to establish how many British Uber customers had personal information hacked during the mass data breach covered up by the taxi-hailing firm.
The Information Commissioner’s Office (ICO) has been working alongside the National Cyber Security Centre (NCSC) to assess the scale of the problem for UK users.
James Dipple-Johnstone, deputy commissioner of the information watchdog, said: “Uber’s announcement about a concealed data breach last October raises huge concerns around its data protection policies and ethics.
“It’s always the company’s responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers. If UK citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed.
“We’ll be working with the NCSC plus other relevant authorities in the UK and overseas to determine the scale of the breach, how it has affected people in the UK and what steps need to be taken by the firm to ensure it fully complies with its data protection obligations.
“Deliberately concealing breaches from regulators and citizens could attract higher fines for companies.”
In an extraordinary admission made by the US firm’s chief executive on Tuesday, it was revealed a third-party cloud-based service had been infiltrated by cyber criminals.
In a blog post, the company’s chief executive Dara Khosrowshahi, who took over in August, said he recently learned that two individuals outside the company “inappropriately accessed user data” in late 2016.
This included names, email addresses and mobile phone numbers, as well as the names and number plates of 600,000 drivers in the US.
Uber kept the incident under wraps by paying 100,000 US dollars (£75,500) to hackers so they would delete the data and keep the breach quiet, according to Bloomberg.
Mr Khosrowshahi said the company took steps to “keep the breach under wraps”.
He said in the post: “At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals.
“We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed.”
Mr Khosrowshahi said there had been “no indication” trip history, credit card details, bank account numbers or dates of birth were downloaded by the hackers.
He added: “While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection.
“None of this should have happened, and I will not make excuses for it.
“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”