Nov 27 2017
WASHINGTON – U.S. Senator Jerry Moran (R-Kan.) – chairman of the Senate Commerce Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security – along with Sens. John Thune (R-S.D.), Orrin Hatch (R-Utah) and Bill Cassidy (R-La.) today, in a letter to Uber Technologies Inc. CEO Dara Khosrowshahi, requested information related to recent reports of a data breach, which Uber failed to disclose promptly, involving the personal information of 57 million customers including names, email addresses, and mobile phone numbers.
Excerpt from the letter to Uber:
“The company maintains that its outside forensic experts have not seen any indication that customer trip location history, credit card numbers, bank account numbers, Social Security numbers, or dates of birth were downloaded. Nevertheless, the nature of the information currently acknowledged to have been compromised, together with the allegation that the company concealed the breach without notifying affected drivers and consumers, and prior privacy concerns at Uber, makes this a serious incident that merits further scrutiny.”
In asking Uber to answer 11 questions about the breach and the company’s response, the letter notes that Uber released a report in January 2015 concluding the company had appropriate data security and incident response plans in place. News reports that Uber paid hackers $100,000 to delete compromised information raise concerns that the company may not have followed its own policies or adhered to the letter and spirit of an August 2017 consent order the company entered into with the Federal Trade Commission (FTC) to address its privacy and data security practices.
Sen. Moran’s Senate Commerce Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security exercises jurisdiction over consumer protection and cybersecurity issues.
The letter requests a response as soon as possible but no later than December 11, 2017.
Click here for a copy of the full letter to Uber.