WASHINGTON -- Congress wants answers from Uber about why it failed to disclose a massive data breach in October 2016 until last week and how information on 57 million accounts may have been compromised.
The leaders of the Senate Commerce and Finance Committees on Monday sent a letter to new Uber Technologies Inc. CEO Dara Khosrowshahi asking about the breach and the San Francisco company's response.
"The company maintains that its outside forensic experts have not seen any indication that customer trip location history, credit card numbers, bank account numbers, Social Security numbers, or dates of birth were downloaded," the letter said. "Nevertheless, the nature of the information currently acknowledged to have been compromised, together with the allegation that the company concealed the breach without notifying affected drivers and consumers, and prior privacy concerns at Uber, makes this a serious incident that merits further scrutiny."
Uber revealed that it paid the cybercriminals $100,000 to keep quiet about the hack and delete the stolen information rather than informing authorities, customers and drivers. Stolen data included names, email addresses and phone numbers. In January, 2016, Uber was fined $20,000 by the attorney general of New York for failing to promptly disclose a previous data breach. After learning about the latest breach, Khosrowshahi, who took over in September, asked for the resignation of Security Chief Joe Sullivan and one of his lieutenants.
In 2015, Uber insisted it had sufficient safeguards to protect consumer data from unauthorized access and use.
The letter asks for Uber's response by Dec. 11.