Hackers accessed the names, email addresses and phone numbers of millions of passengers, and about 600,000 drivers had their license numbers compromised.
It comes after it was revealed Uber had paid hackers £75,000 in "hush money" to keep quiet about a cuber attack that affected 57million drivers and customers. Dara Khosrowshahi, who assumed the role on September 5, was supposed to be a kinder, gentler chief executive of the ride hailing company, but as The Wall Street Journal reports, this song is starting to sound familiar.
The data breach and attempted cover-up occurred while Uber was already under investigation by the Federal Trade Commission, which settled separate allegations with the company in August. "We initiated our inquiries and are gathering all the information that can help us assess the scope of the data breach and take the appropriate steps to protect any Italian citizens involved", said Antonello Soro, President of the Italian Data Protection Authority on Wednesday.
Companies are required to disclose significant data breaches to regulators, something it has by its own admission failed to do in this case. Fortunately, the tech company has said that no social-security numbers, credit-card information, trip location details or other data was taken.
We are individually notifying the drivers whose driver's license numbers were downloaded.
Uber reportedly tracked down the hackers and pressured them to sign non-disclosure agreements so news of the breach did not get out.
"None of this should have happened, and I will not make excuses for it", he wrote.
Sense of Security chief technology officer Jason Edelstein said greater attention needed to be paid to "properly" enforcing the regulations when introduced, as having even basic personal information stolen could have dire consequences for consumers.
Downing Street said United Kingdom authorities were not informed of the hack at the time of its initial discovery by Uber a year ago.
"The National Privacy Commission (NPC) is concerned about the possible impact of the breach on our citizens", Liboro said.
"It is a worldwide incident and it is unclear at this stage which countries were affected by the hack".
When sought for comment on the hacking incident, Land Transportation Franchising and Regulatory Board (LTFRB) Member Aileen Lizada told CNN Philippines Uber has to be "transparent", and said the board will call Uber to meet on the issue.
"At this stage, our initial assessment is that the stolen information is not the sort that would allow direct financial crime, but we are working urgently to verify that further, and we rule nothing out", the minister said.
He said that, as soon as it became aware of the incident, the NCSC had "reached out to worldwide partners" to get a better understanding of any potential threat, adding: "That work is ongoing".