UK regulator has 'huge concerns' over Uber breach

The UK's information commissioner has "huge concerns about Uber's data policies and ethics" following a breach that exposed the details of 57 million customers and drivers.

Uber did not tell anyone about the breach and paid a ransom to hackers to delete the data.

Deputy commissioner James Dipple-Johnson said these actions were unacceptable.

The ride-sharing company has a resource page for those who may be affected.

"It's always the company's responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers. Deliberately concealing breaches from regulators and citizens could attract higher fines for companies," Mr Dipple-Johnson said.

"If UK citizens were affected, then we should have been notified so that we could assess and verify the impact on people whose data was exposed."

He said the Information Commissioner's Officer (ICO) would work with the National Cyber Security Centre (NCSC) to determine the scale of the breach and how it affected people in the UK, as well considering the next steps that Uber needed to take to comply "with its data protection obligations".

Next year, EU countries will radically alter data protection laws to offer consumers greater control over the data they share with companies.

Original Source: http://www.bbc.co.uk/news/technology-42079937