A number of European Union member states pledged to investigate Uber over a controversial hacking attacked suffered by the company in late 2016 which compromised the privacy of tens of millions of its drivers and riders and was covered up by the ride-hailing service provider, having only been uncovered earlier this week. Italy, Spain, and the Netherlands are all probing the circumstances surrounding the controversy, as is the United Kingdom, according to official statements from their competent regulators.
According to initial reports, the massive data breach that occurred in October 2016 compromised approximately 50 million riders and seven million drivers, with hackers obtaining data ranging from names, phone numbers, emails, and even driver's license numbers. Uber insists no highly sensitive information like credit card details, social security numbers, or movement histories have been compromised as a result of the attack, yet the company paid $100,000 to hackers not to publicize the information as part of a move oversaw by its former Chief Security Officer Joe Sullivan who was fired in the aftermath of the controversy. The attack is understood to have affected drivers and riders in all parts of the world, whereas former Chief Executive Officer Travis Kalanick was aware of it, insiders claim.
Uber doesn't believe the stolen data was ever used, whereas the $100,000 payoff was meant to guarantee its deletion, though the company's new management headed by CEO Dara Khosrowshahi apologized for the ordeal and said it was legally obliged to report it to U.S. authorities, especially in light of the fact that it was the subject of an unrelated privacy probe from the Federal Trade Commission at that time. The FTC ultimately ended up settling with Uber but not without proclaiming that the world's most valuable startup "failed consumers" by not adequately protecting their privacy and misrepresenting its efforts to do so in the first place. Privacy regulators on the Old Continent presently don't yield the authority to issue large fines to private companies over data breaches but will be granted more power come next May when they'll be able to penalize similar incidents with up to four percentage points of annual sales generated by firms found to be in such violations. Uber's European headquarters in the Netherlands notified local authorities about the attack after initial reports of the incident emerged on Tuesday, though it's currently unclear how long will EU member states be investigating the matter.