Uber breached the privacy of more than 1 million Australians
The Office of the Australian Information Commissioner (OAIC) has handed down its determination that Uber breached the privacy of more than 1 million Australians back in 2016.
Australia’s Information Commissioner and Privacy Commissioner Angelene Falk on Friday stated that US-based Uber Technologies INC and Dutch-based Uber B.V. failed to secure the personal data of more than 1 million Australian customers and drivers.
The matter came to light in late 2017 that hackers stole data regarding 57 million Uber riders globally and also the data of more than 600K drivers. Rather than alerting those who were affected by this security breach, Uber on the other hand keep hidden for over a year and paid the hacker to keep it secret.
Meanwhile, Uber wanted the attackers to destroy the data and there was no proof of further abuse, OAIC said its investigation concentrated if Uber had preventative measures in the first place to secure the data of the Australian’s.
Uber Companies Violated Privacy Act 1988
Falk discovered the Uber companies violated the Privacy Act 1988 by not taking appropriate steps to safeguard Australians’ personal information from illegal access and to destroy or de-identify the data as required.
The tech giant also failed to take reasonable steps to implement practices, procedures, and systems to ensure compliance with the Australian Privacy Principles (APP), she further said.
Instead of disclosing the breach and taking responsibility, Uber paid the attackers a reward by carrying out a bug bounty program for identifying a security vulnerability. Uber didn’t perform a total assessment of the personal information that may have been accessed till it was disclosed publicly in late 2017.
Australians require assurance that they are being protected by the Privacy Act when they offer confidential data to a company, even if it is transferred overseas within the corporate group, she additionally added.
The commissioner additionally has ordered the Uber companies to designate an independent expert to analyze and report on these policies and programs and their implementation, present the reports to the OAIC and do the essential changes as recommended in the reports.
Looking for more Security News, subscribe to our newsletter and get regular updates.
Featured Image is from: gettyimages.co.uk