Congress presses Uber for answers around the data breach it tried to hide

It looks like Congress won’t be ignoring the recent thoroughly sketchy report that Uber failed to disclose — and made efforts to hide — about a data breach that affected 57 million users in 2016. On Monday, Senator Mark Warner issued a set of questions to the ride-sharing company regarding the hack and its failure to inform both regulators and its own users, even as the company allegedly shared information of the breach with potential investors. So far, the FTC and New York’s Attorney General have also confirmed their interest in investigating the incident to TechCrunch.

“Uber’s conduct raises serious questions about the company’s compliance with relevant state and federal regulations,” Warner writes in the letter.

While Warner’s letter addresses some of Uber’s straightforward cybersecurity failings, it also digs into the deeper question of how the company covered up its breach by paying its hackers to destroy the data they stole, including what kind of “assurances” the hackers provided to the company to demonstrate that they did in fact destroy the data in question. Warner also implies that Uber may have run afoul of the Computer Fraud and Abuse Act in its unorthodox effort to track down its hackers and force them to sign non-disclosure agreements.

“To the extent Uber had lawfully acquired information enabling it to identify the hackers who had compromised its systems, ensure they would abide by agreements to delete the data and not to disclose the breach, and transfer them $100,000, it conceivably had enough information at hand to assist law enforcement in the apprehension of these criminals,” Warner writes. “Why did Uber choose not to provide relevant forensic information to law enforcement and has this information been provided to law enforcement in the last week?”

As one of the more tech-savvy members of Congress, Warner is recently best known for his role in the Senate Intel Committee’s Russia investigation. As part of that committee’s ongoing efforts, the senator has aggressively questioned Google, Facebook and Twitter on their roles in disseminating false information from Russian state-sponsored actors. With his letter to Uber, the poster child for tech’s disdain for playing by the rules, Warner appears to be deepening his message that tech may no longer be above the regulations that govern more traditional industries.

[scribd id=365661732 key=key-CCdnG2p4USeMZF09VwAE mode=scroll]