As a consumer, you expect companies to honor their promises to protect your personal information. As the nation’s consumer protection agency, so does the FTC.
Today, the FTC announced it reached an agreement with Uber to settle FTC charges that Uber abandoned its promises to take reasonable steps to protect consumers’ personal information and to make sure that Uber employees only accessed consumer information for appropriate business purposes.
The FTC’s complaint alleges that Uber’s failure to provide reasonable data security allowed a hacker to access personal information about Uber drivers in May 2014. The information included more than 100,000 drivers’ names and license numbers. Uber has notified the affected drivers. The complaint alleges that Uber could have taken reasonable, low-cost measures that could have helped the company prevent the breach.
The FTC’s complaint also charges that Uber failed to live up to its promise to monitor driver and rider accounts for unauthorized access by Uber employees. Uber announced it would closely monitor and audit access to personal information in November 2014, after news reports alleged that Uber employees — without job-related reasons — were checking people’s trip records and other private information. The FTC alleges that Uber stopped the monitoring program months after starting it and then, for almost a year, didn’t follow up on warnings about improper access to people’s private information.
What should you do if you ever receive notice that your personal information may have been compromised? The most important thing you can do is act quickly:
- Monitor your credit by getting your free credit report through annualcreditreport.com. If the company affected by the data breach offers you free credit monitoring, use it.
- Consider placing a credit freeze or a fraud alert to make it more difficult for someone to open an account in your name.
- Contact your bank if your financial information was exposed. Request new accounts and cards if they were affected.
- Change your login and password for any compromised account and, if you use the same password anywhere else, change that too.
For more, visit IdentityTheft.gov/databreach. For a personalized recovery plan, get started at IdentityTheft.gov.