Uber has agreed to settle Federal Trade Commission charges it abandoned its promises to take reasonable steps to protect consumers’ personal information and to make sure that Uber employees only accessed consumer information for appropriate business purposes.
The FTC’s lawsuit alleges that Uber’s failure to provide reasonable data security allowed a hacker to access personal information about Uber drivers in May 2014. The information included more than 100,000 drivers’ names and license numbers. Uber has notified the affected drivers. The lawsuit alleges that Uber could have taken reasonable, low-cost measures that could have helped the company prevent the breach.
The FTC’s complaint also charges that Uber failed to live up to its promise to monitor driver and rider accounts for unauthorized access by Uber employees. Uber announced it would closely monitor and audit access to personal information in November 2014, after news reports alleged that Uber employees – without job-related reasons – were checking people’s trip records and other private information. The FTC alleges that Uber stopped the monitoring program months after starting it and then, for almost a year, didn’t follow up on warnings about improper access to people’s private information.
“Uber failed consumers in two key ways: First by misrepresenting the extent to which it monitored its employees’ access to personal information about users and drivers, and second by misrepresenting that it took reasonable steps to secure that data,” said FTC Acting Chairman Maureen K. Ohlhausen.
Andrew Johnson, consumer education specialist for the FTC says if you ever receive notice that your personal information may have been compromised, you should take the following steps:
- Monitor your credit by getting your free credit report through annualcreditreport.com. If the company affected by the data breach offers you free credit monitoring, use it.
- Consider placing a credit freeze or a fraud alert to make it more difficult for someone to open an account in your name.
- Contact your bank if your financial information was exposed. Request new accounts and cards if they were affected.
- Change your login and password for any compromised account and, if you use the same password anywhere else, change that, too.