The data hack saw the personal data of 57 million Uber drivers and riders stolen and was reportedly covered up by Uber's former chief security officer Joe Sullivan, who paid the hackers $100,000 to delete the stolen data and stay quiet about the entire incident.
The ride-hailing firm now acknowledges it had a legal obligation to report the hack to authorities and to the affected drivers. Uber says that the affected accounts belonging to riders are now monitored and have been additionally updated with extra fraud protection but there's now no official way of finding out if your rider's account has been breached.
Due to the lack of federal law surrounding data breach notification, Uber is subject to a number laws across 48 states, some of which state that users must be notified immediately of a data breach of their personal information.
The names and driver's license numbers of around 600,000 drivers in the United States.
Prime Minister Theresa May's official spokesman said: 'These are obviously concerning reports and the National Cyber Security Centre is working closely with domestic and global agencies, including the National Crime Agency and the Information Commissioner's Office, to investigate if and how this breach has affected people in the UK.
Details of last year's hack came last night in an extraordinary admission by the U.S. firm's chief executive.More news: Greensboro church gives Thanksgiving meals to first response crews
More news: Apple Rumored to Be Readying a New Budget-Friendly iPhone for 2018
More news: David Cassidy, Partridge Family Star With Broadway Roots, Dies at 67
We are notifying regulatory authorities. The company also ousted its security chief. We reached out to Uber for a statement, but have yet to hear back. The Information Commissioner's Office (ICO) has begun an investigation and said it had "huge concerns"...
He added: 'Deliberately concealing breaches from regulators and citizens could attract higher fines for companies'. No credit card numbers were collected, Uber said.
'We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed'.
While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection.
The fact Uber allowed not one but two attacks to happen, spaced years apart, because engineers put access keys in a publicly accessible location suggests security was hardly being considered - let alone prioritized.