Last week Uber revealed it was subject to an attack that exposed the information of about 57 million riders and drivers. This week, several senators are asking more questions.
In a letter, Democratic Senator Mark Warner of Virginia commends Uber CEO Dara Khosrowshahi for coming forward, but asks why he didn’t do so sooner. He also has more specific inquiries about why multi-factor authentication wasn’t employed, which third party investigated the hack, and how the company knows that the stolen data was actually deleted.
Consumers deserve answers about Uber’s massive data breach and the months it took the company to notify customers and drivers. My letter to Uber’s CEO: pic.twitter.com/YTMQlIZHDM
— Mark Warner (@MarkWarner) November 27, 2017
Khosrowshahi is eager to put Uber’s regulation-evading ways behind it, but lawmakers don’t seem keen to let the company off the hook for past grievances. This new incident is already facing scrutiny from states that legally require companies to tell customers when their personal data has been breached. The Senate Committee on Commerce, Science, and Transportation has also asked Khosrowshahi to answer further questions. Senators John Thune, Orrin Hatch, Bill Cassidy, and Jerry Moran want details on which regulators were contacted when and whether Uber is acting in accordance with the FTC’s privacy rules. At the heart of their concerns is whether Uber adequately protected its users. If they find it did not, the company could face penalties.
The four senators have asked that Uber brief their staffs by December 1, 2017.