The Privacy Commissioner is considering investigating Uber for breaching its New Zealand customers' privacy.
The Privacy Commissioner says the one-year gap between the breach happening and Uber notifying the Commission was unacceptable. Photo: 123 RF
It emerged yesterday the ride-sharing service concealed a breach last year that affected 57 million customers and drivers worldwide.
Uber says 57 million names, phone numbers, and email addresses were downloaded, but credit card and bank account information was not.
Within that number, 600,000 drivers had their names and license details exposed.
Drivers have been offered free credit monitoring protection, but per Uber's statement, affected customers will not be given the same.
It is not clear how many Kiwis were affected.
The 2016 breach was hidden by the ride-sharing firm which paid hackers $100,000 ($NZ145,000) to delete the data.
John Edwards. Photo: supplied
Privacy Commissioner John Edwards said the one-year gap between the breach happening and Uber notifying the Commission was unacceptable.
Companies are required to disclose significant data breaches to regulators, something it has by its own admission failed to do in this case.
Mr Edwards said his office is "monitoring the situation" and could investigate complaints from people whose information was leaked.
Uber did not confirm precise details of the hack, but according to Bloomberg's report, two hackers were able to access a private area of GitHub, an online resource for developers.
From there it is understood they found Uber's log-in credentials to Amazon Web Services. AWS is a cloud computing service used by companies to store data.
In the wake of the news, Uber's chief security officer Joe Sullivan has left the company.
- RNZ / BBC
