Senate Republicans on Monday demanded that Uber provide information about the massive data breach it suffered, and why it took more than a year for the company to disclose it.
Uber, the ride-sharing service, informed the public this month that some of the personal information of 57 million customers had been stolen by hackers.
“Perhaps more troubling, several media reports indicate that, rather than report the incident to regulators or to affected customers, Uber instead paid $100,000 to the hackers to delete the stolen data, allegedly to conceal the breach,” the senators wrote to Uber executives.
“The nature of the information currently acknowledged to have been compromised, together with the allegation that the company concealed the breach without notifying affected drivers and consumers, and prior privacy concerns at Uber, makes this a serious incident that merits further scrutiny,” they wrote.
The Senate Commerce, Science, and Transportation Committee and the Senate Finance Committee are conducting the probe. They sent Uber 11 questions about the hacked data, which according to company executives included names, emails and cell phone numbers of customers.
Senators want to know the date Uber learned the data had been hacked and which regulator Uber notified about the incident and when, as well as what steps the company has taken to protect consumers whose information was stolen.
“Our goal is to understand what steps Uber has taken to investigate what occurred, restore and maintain the integrity of its systems, and identify and mitigate potential consumer harm and identity theft-related fraud against federal programs,” the senators wrote.
The letter is signed by Sen. John Thune, R-S.D., chairman of the commerce panel, Sen. Orrin Hatch, R-Utah, the Finance Committee chairman, as well as subcommittee chairmen Bill Cassidy, R-La., and Jerry Moran, R-Kan.
