From the Wall Street Journal
Millions of Uber customers are only just now learning about a massive data breach that occurred at the company in October 2016, and School of Information professor Deirdre Mulligan comments on the case in this story. She had served as an advisor to California lawmakers when they were drafting their policy on breach notifications.
Mulligan says, “The provisions that allow for delay are not about getting your new management in order.” Uber, which is based in San Francisco, has said that the names, email addresses and phone numbers for millions of riders were accessed, as well as the driver's license numbers for about 600,000 drivers, and that, she says, would have triggered California's disclosure requirement.
By Greg Bensinger and Robert McMillan
While the massive data breach at Uber Technologies Inc. didn’t happen under the watch of its new chief executive, more than two months elapsed before he notified affected customers and drivers of the incident, people familiar with the matter said....