Uber admits ‘cyber crime’ involving 57 million people occurred more than a year ago

Uber is facing the threat of “tens of millions” of pounds in fines on both sides of the Atlantic for a mass data breach that exposed 57 million drivers and customers worldwide. The taxi-hailing giant has admitted cyber criminals stole the information late last year. In the UK, the penalties warning came from the Information Commissioner’s Office as investigators try to establish how many British customers were compromised. Meanwhile, the city of Chicago has filed a lawsuit against Uber for not disclosing the October 2016 breach and “failing to correct” security vulnerabilities in its system as it agreed to after a previous data hack. The lawsuit comes just days after the Illinois Attorney General’s office said it was opening an investigation into the company. In addition to Illinois, at least four other states – Massachusetts, Missouri, New York and Connecticut – said they would investigate the matter, after Uber revealed that the intrusion exposed names, addresses and number plates of 600,000 drivers in the US. Uber reportedly suppressed the incident by paying £75,500 to the hackers so they would delete the data and keep the breach quiet. The US firm’s chief executive, Dara Khosrowshahi, said: “None of this should have happened, and I will not make excuses for it.” A company spokesperson added: “We take this matter very seriously and we are happy to answer any questions regulators may have. “We are committed to changing the way we do business, putting integrity at the core of every decision we make, and working hard to re-gain the trust of consumers.” US Democratic Senator Mark Warner, who sent his own letter to Uber, asked the company how it managed to find the hackers in the first place. Given Uber’s “past pattern of conduct,” Mr Warner wondered if the company tried to “hack back” the hackers, which is illegal under US federal law.federal law.