Portland’s mad at Uber again, this time over concealed data breach

Portland — Portland officials have demanded Uber turn over information about a massive 2016 data breach the company failed to disclose until last month.

The ride-hailing company on Nov. 21 disclosed a 2016 data breach in which hackers accessed files that included information on its drivers and riders. It also admitted it had kept the incursion under wraps for more than a year, rather than alerting affected customers, regulators or law enforcement.

In a letter sent to Uber’s CEO on Friday, Portland Commissioner Dan Saltzman said Uber had violated the city’s code by withholding information on the breach, and he demanded more information on how many Uber drivers and customers had been affected in the city.

Saltzman, who oversees the city’s transportation department, suggested the failure to notify the city of the breach might be a violation of city code, which requires companies like Uber to protect personal data and notify the city in the event of a breach.

And although Uber has been in hot water with the city before — for operating illegally in Portland before it was sanctioned, and later when it was disclosed that it used software at that time to avoid city regulators — it has maintained that it’s abided by the city code since it was amended to legalize Uber’s business.

“Uber’s past actions in the City of Portland have been severely problematic,” Saltzman wrote in the letter to Dara Khosrowshahi, Uber’s chief executive.