Nov. 23 (UPI) — Uber faces investigations in the United States and other countries following reports of a previously undisclosed breach of the company’s data in 2016.
New York Attorney General Eric Schneiderman confirmed Tuesday the state has opened an investigation into the major data breach that affected about 57 million Uber users and driver.
Uber announced Tuesday the breach exposed the names, email addresses and phone numbers of users around the world. The breach also included the driver’s license numbers of about 7 million drivers, 600,000 of which were in the United States.
In addition to New York, four other states — Illinois, Massachusetts, Missouri and Connecticut — said they will investigate the breach.
“We’ve been in touch with several state attorney general offices and the [Federal Trade Commission] to discuss this issue, and we stand ready to cooperate with them going forward,” an Uber representative said.
CEO Dara Khosrowshahi said the company “took immediate steps” to shut down the breach and destroyed downloaded data, while Bloomberg reported the company paid hackers $100,000 to delete the downloaded data and keep the data breach secret.
Britain’s Information Commissioner’s Office said it has begun looking into the breach and Uber’s subsequent actions.
ICO Deputy Commissioner James Dipple-Johnstone said Uber’s attempt to conceal the breach raises concerns about its data protection policies and ethics.
“If U.K. citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed,” Dipple-Johnstone said.