Uber ‘broke law by covering up hack that hit customers’
UBER was last night accused of another cover-up after a minister suggested it played down the number of British customers affected by a cyber hack.
Pressure mounted on the taxi app when digital minister Matt Hancock confirmed there is a ‘high chance’ the firm has broken UK data protection laws.
But MPs immediately pointed out the firm faces a maximum fine of just £500,000, and would have faced multimillion pound penalties under tougher data protection laws which come into force next May.
Addressing an urgent question on the scandal in the House of Commons, Mr Hancock was asked by shadow culture minister Kevin Brennan whether Uber is guilty of breaking UK law.
Mr Hancock replied: ‘I think that of course would be a matter for the courts. But I think there’s a very high chance that it is.’
The maximum punishment for a firm for failing to look after customers’ data properly and breaching data protection laws is a £500,000 fine.
The minister added that Uber has already told authorities how many of its 5million customers in Britain may have had personal details including names, emails and mobile phone numbers stolen by hackers.
But he said: ‘In terms of the number, we do not have sufficient confidence in the number that we have been told by Uber to be able to go public on it.’
Although he declined to disclose the number given by Uber, he said a more accurate figure would be published in a ‘matter of days’. Uber has admitted covering up a cyber attack that occurred more than a year ago and exposed the personal information of 57million users and drivers worldwide.
The US firm has also revealed it paid two hackers £75,000 to keep the data breach quiet. Last night Wes Streeting, a Labour MP who lodged the urgent question in Parliament, said: ‘It is completely outrageous that more than a year after this theft took place, Uber are still unable to tell us how many British drivers and customers are affected. This stinks of a cover up.’
Earlier he told the digital minister that it was time the ‘Government stopped cosying up to this grubby and unethical company and started standing up for the public interest’.
Mr Streeting pointed out that Conservative MPs rallied to the defence of the taxi firm last month, handing out leaflets attacking Mayor Sadiq Khan’s decision not to renew its license to operate in the capital.
An investigation has been launched by the National Cyber Security Centre, the cyber security arm of GCHQ, and the Information Commissioner’s Office and the National Crime Agency.
Yesterday the National Cyber Security Centre issued guidance to all Uber customers and drivers in Britain. It stressed that, ‘based on current information, we have not seen any evidence that financial details have been compromised’. It urged customers to change their Uber passwords immediately and be on their guard against phishing attacks.
These are emails which purport to be from a trusted source such as a bank and are an attempt to trick customers into handing over private details.
The NCSC said the data gleaned from the Uber cyber attack, which also included driving licence information from Uber’s own drivers, ‘could be used by scammers to make phishing emails more convincing.’
Oliver Gower, deputy director for cyber at the National Crime Agency told the Mail his officers are looking at the hack and trying to assess the number of UK customers affected. When asked whether it would lead to a rise in phishing attacks, he added: ‘The issue will be that some of their data will already be on the dark web which they may not be aware of.’