14 Dec More UK cities could refuse to renew Uber’s licence after ride-hailing giants paid hackers to delete stolen data
It’s been a difficult end to 2017 for Uber.
Three UK cities, London, Sheffield and York, have refused to renew their licence, which combined with their handling of hackers stealing data, has put them between a rock and a bunch of UK cities who may start to see more cons than pros.
London were the first city to refuse Uber’s licence, citing the ride-hailing giants as not being ‘fit and proper’ to operate in the capital. Sheffield and York following suit this month, with the former saying Uber didn’t respond to their requests from Sheffield City Council regarding the management of the firm. York declined their business because of the firm’s recent hacking fiasco (more on that later).
In the midst of British cities rejecting their licence appeals, there was also the PR disaster that was UberEat’s collaboration with Krispy Kreme. To celebrate their collaboration, the doughnut giants announced that they would be giving away 36,000 donuts on UberEats to anybody that ordered a classic glazed box. Unfortunately for both sides, the incredible surge in demand was too much for the app to handle, resulting in thousands of cancelled orders and even more unhappy customers.
Just as Uber thought the worst of its troubles were behind them, Bloomberg revealed a secret Uber were really desperately trying to conceal. It was found that Uber suffered a monumental data breach in 2016 in which details of 57 million of its registered accounts, including those of drivers and customers, were obtained. Although, no credit card information, trip location details were taken.
At the time of the breach, Uber paid the hackers $100,000 to delete the data they had acquired, whilst simultaneously making sure that any news of the issue did not break. Former chief executive Travis Kalanick was accused by Bloomberg of being aware of the breach and actively covering up the story. Kalanick has since left the firm, being replaced by Dara Khosrowshahi.
Since the news broke, the Information Commissioner’s Office (ICO) (the UK’s independent regulator of the Data Protection Act) along with the National Cyber Security Centre, have been working with Uber to uncover how many UK citizens were affected in the breach.
In the latest statement from the ICO, deputy Commissioner James Dipple-Johnston said the breach affected 2.7 million user accounts in the UK, representing a big majority of its UK customer-base. Dipple-Johnstone said this on the matter:
“Uber has said the breach involved names, mobile phone numbers and email addresses. On its own this information is unlikely to pose a direct threat to citizens. However, its use may make other scams, such as bogus emails or calls appear more credible. People should continue to be vigilant and follow the advice from the NCSC.
“As part of our investigation we are still waiting for technical reports which should give full confirmation of the figures and the type of personal data that has been compromised. We would expect Uber to alert all those affected in the UK as soon as possible.”
The breach comes in the midst of data protection reforms across the EU and the UK. The General Data Protection Regulation (GDPR) will come into force in all EU member states in May 2018. The Regulation includes stronger rules around breach notification; article 33 of the GDPR states that, in the case of a personal data breach, the data controller must notify the breach to the supervisory authority without undue delay and not after 72 hours after having become aware of the breach. Article 34 adds to this by requiring organisations to inform the subjects of the data of the breach if the breach is likely to result in a high risk to the rights and freedoms of the persons involved.
With three UK cities rejecting Uber’s licence to operate, it seems a medley of factors, including but not limited to, their recent doughnut PR disaster, how they handled the data breach and the opposition faced from more traditional taxi outlets, has left Uber at risk of losing more business. PR disaster aside, York’s decision to severe their ties with the taxi giants could mark the start of more cities following suit, meaning a lot of people’s go-to taxi service is heading into 2018 on shaky ground.