The Privacy Commissioner is monitoring the news of Uber’s data breach that affected more than 50 million people around the world, including some New Zealanders.
Uber formally informed the Commissioner’s office yesterday evening. The breach happened in late 2016.
Uber has informed the Office that the breach included the names, phone numbers and email addresses of Uber users in New Zealand, and that the breach did not include credit card or bank account information.
Commissioner John Edwards said “While I am pleased the local representative of Uber has notified my office of the issue, the one-year gap between the breach and notification shows why breach notification should be mandatory. When personal information is lost, individuals need to take action to protect themselves. People cannot take the action they need to take if they don’t know about the data breach in the first place.”
Uber informs the Commissioner that, among other things, it will be flagging affected accounts for fraud protection.
The Commissioner’s office is currently monitoring the situation, and may investigate individual complaints by people whose information was lost in the breach.
For further information, contact Sam Grover, 021 959 050.
Note: To make a privacy complaint, go to https://privacy.org.nz/your-rights/how-to-complain/ .