The lawyers acting for driver and rider matching service Uber in its efforts to overturn the decision by Transport for London not to renew the firm’s licence to operate in the capital might wonder if they have accepted the impossible gig, following recent revelations about the firm’s behaviour. News of a massive data breach suggest the Uber London licence campaign may be progressing not necessarily to its advantage.
That is because what happened to Uber was not just a loss of data, but the kind of cover-up which might have made Richard Milhous Nixon blanch. As Bloomberg has reported, “Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year”.
It got worse. “Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers”.
And worse still: “Here’s how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company”.
Now, under (for instance) California law, as the Guardian has pointed out, “companies are required to notify state residents of any breach of unencrypted personal information, and must inform the attorney general if more than 500 residents are affected by a single breach”. That law encourages firms to be open about any data breach.
So what did Uber do? They paid off the hackers to delete the data that had been hacked. You read that right. Uber, under the aegis of its then CEO, the deeply unsavoury Travis Kalanick, bunged the hackers $100,000 to cover it all up. That means Uber is in line to have the proverbial book thrown at it - certainly in California it is.
That’s not all: as the BBC has also reported, “Drivers have been offered free credit monitoring protection, but according to Uber's statement, affected customers will not be given the same”. That’s anything up to 50 million highly pissed off individuals.
And while “Uber's new chief executive Dara Khosrowshahi appears to be starting as he means to go on. In his statement regarding the data breach, he said the company needed to be open and honest if is to ‘repair our past mistakes’”, just who is going to trust an assurance from a firm that has made its name taking such a cavalier approach not just to operating regulations, but every part of the law?
TfL should take a long look at this latest Uber fiasco - and show the firm the door. This is one little Wild West Show that the capital can easily manage without.