Europe draws in nearly half of funds raised via initial coin offerings: report

LONDON (Reuters) – Nearly half of the cash that has poured into newly issued cryptocurrencies in recent years has been raised in Europe, research published on Thursday showed.

A Bitcoin (virtual currency) coin is seen in an illustration picture taken at La Maison du Bitcoin in Paris, France, June 23, 2017. REUTERS/Benoit Tessier/Illustration

The report by Atomico, one of Europe’s leading venture capital firms, found European-based entities have raised $1.76 billion through so-called initial coin offerings, or ICOs, since 2014, representing 46 percent of funds raised globally.

ICOs have become a bonanza for digital currency entrepreneurs. They have provided the fuel for a rapid ascent in the value of cryptocurrencies this year that has raised fears of a bubble that could burst, with bitcoin soaring more than 1,000 percent since the start of 2017. (reut.rs/2i2zvcU)

Atomico’s research is based on data compiled by California-based TokenData (www.tokendata.io) and stretches back to 2014, although more than 90 percent of ICO activity has taken place this year, researcher Ricky Tan said.

Switzerland drew in nearly half of Europe’s total – $828 million or 47 percent of ICO funds in the region, mainly through firms registered in Zug, a low-tax region near Zurich that is also the domicile for many top commodities traders, Tan said.

By contrast, North America drew in $1.08 billion of ICOs, or 28 percent of a global market that raised around $3.8 billion through the issuance of new types of digital currency.

The report predicts that larger European venture firms will begin to participate in ICOs next year, reversing their historic resistance to what many have seen as unregulated competition to traditional venture funding.

Already, top-tier U.S. venture capital firms such as Andreesen Horowitz and Union Square Ventures have actively invested in ICO fundraisings, along with some newer European funds such as Blueyard Capital of Berlin.

“But the region’s most established funds have yet to participate,” the Atomico report states. “This will change in 2018.”

ICOs function as an alternative to traditional, regulated means of fundraising through public stock market flotations or private investments by venture capitalists or other investors.

The new fundraising mechanism has flourished in unregulated markets where investment capital is scarce. China and South Korea have banned digital coin sales, while the U.S. Securities and Exchange Commission is weighing tougher rules (reut.rs/2juaqaM).

Switzerland, along with Germany and Austria dwarf other parts of Europe with $976 million raised in terms of capital – three times the funding ICOs attracted in Central and Eastern Europe and four times greater than Britain and Ireland.

But when it comes to the number of ICO projects launched, Central and Eastern Europe are way ahead with 162 of the rest of the region, followed by 90 projects in Britain and Ireland.

Additional reporting by Eric Auchard in London; Editing by Susan Fenton

Our Standards:The Thomson Reuters Trust Principles.

Related Posts:

  • No Related Posts

Does Europe have what it takes to create the next Google?

LONDON (Reuters) – Europe is making major strides to eliminate barriers that have held back the region from developing tech firms that can compete on the scale of global giants Alphabet Inc’s Google, Amazon.com Inc or Tencent Holdings Inc, a report published on Thursday shows.

An attendee interacts with an illuminated panel at Google stand during the Mobile World Congress in Barcelona, Spain, March 1, 2017. REUTERS/Paul Hanna

The region has thriving tech hubs in major cities, with record new funding, experienced entrepreneurs, a growing base of technical talent and an improving regulatory climate, according to a study by European venture firm Atomico.

While even the largest European tech ventures remain a fraction of the size of the biggest U.S. and Asian rivals, global music streaming leader Spotify of Sweden marks the rising ambition of European entrepreneurs. Spotify is gearing up for a stock market flotation next year that could value it at upward of $20 billion. (reut.rs/2wYORnI)

“The probability that the next industry-defining company could come from Europe – and become one of the world’s most valuable companies – has never been higher,” said Tom Wehmeier, Atomico’s head of research, who authored the report.

Top venture capitalists and entrepreneurs in the region told Reuters they are increasingly confident that the next world-class companies could emerge from Europe in fields including artificial intelligence, video gaming, music and messaging.

“What we still need to develop is entrepreneurs who have the drive to take it all the way – I think we are starting to see that now,” said Bernard Liautaud, managing partner at venture fund Balderton Capital, who sold his software company Business Objects to SAP for $6.8 billion a decade ago.

The Atomico report is being published in conjunction with the annual Nordic technology start-up festival taking place in Helsinki this week and set to draw some 20,000 participants.

STRONGER FUNDAMENTALS

Capital invested in European tech companies is on track to reach a record this year, with $19.1 billion in funding projected through the end of 2017 – up 33 percent over 2016, according to investment tracking firm Dealroom.co.

The median size of European venture funds nearly tripled to around 58 million euros ($68.7 million) in 2017 compared with five years ago, according to Invest Europe’s European Data Cooperative on fundraising investment activity.

Beyond the availability of funding, Europe has a range of technical talent available to work more cheaply than in Silicon Valley, enabling start-ups to get going with far less funding.

With a pool of professional developers now numbering 5.5 million, European tech employment outpaces the comparable 4.4 million employed in the United States, according to data from Stack Overflow, a site popular with programmers.

London remains the top European city in terms of numbers of professional developers, but Germany, as a country, overtook Britain in the past year with 837,398 developers compared with 813,500, the report states, using Stack Overflow statistics.

While median salaries for software engineers are rising in top European cities Berlin, London, Paris and Barcelona, they are one-third to one-half the average cost of salaries in the San Francisco Bay Area, which is more than $129,000, based on Glassdoor recruiting data.

PUSHING UP AGAINST LIMITS

Big hurdles remain. A survey of 1,000 founders by authors of the report found European entrepreneurs were worried by Brexit, with concerns, especially in Britain, over hiring, investment and heightened uncertainty in the business climate.

Although Europe has deep engineering talent, many big startups focus on business model innovation in areas such as media, retail and gaming rather than on breakthrough technology developments that can usher in new industries, critics say.

Regulatory frameworks in Europe put the brakes on development on promising technologies such as cryptocurrencies, “flying taxis” and gene editing, while autonomous vehicles and drones face fewer obstacles, the report says.

A separate study by Index Ventures, also to be published on Thursday, found that employees at fast-growing tech start-ups in Europe tend to receive only half the stock option stakes that are a primary route to riches for their U.S. rivals. Yet their options are taxed twice as much.

The Index report said employees in successful, later-stage European tech start-ups receive around 10 percent of capital, compared with 20 percent ownership in Silicon Valley firms.

“There is quite a gap today between stock option practices in Europe and those in Silicon Valley,” Index Ventures partner Martin Mignot said in an interview. “There are other issues where Europe is behind, but we think stock options should be at the top of the agenda.”

Another factor holding back Europe is that regional stock markets encourage firms to go public prematurely, Liataud said.

“Europe has markets for average companies. In the U.S., going public is hard. You have to be really, really good. You have to be $100 million, minimum, in revenue,” the French entrepreneur-turned-investor said. “Nasdaq and the New York Stock Exchange have not lowered their standards.”

($1 = 0.8442 euros)

Reporting by Eric Auchard in London; Additional reporting by Jussi Rosendahl and Tuomas Forsell in Helsink; Editing by Leslie Adler

Our Standards:The Thomson Reuters Trust Principles.

Related Posts:

  • No Related Posts

Apple May Be Eyeing a Foldable iPhone

Apple’s next big innovation may be a foldable iPhone that opens and closes like a book.

The consumer technology giant filed a patent application last week with the U.S. Patent & Trade Office that details its research into electronic devices with flexible display screens.

A foldable iPhone could eliminate some of the inconvenience of carrying full-size smartphones in pockets and purses. Instead, people could fold and then unfold them like a piece of paper when they want to make a call or check their email.

The patent application said that the technology is related to any kind of electronic device that has a display, like a “laptop computer, a tablet computer, a cellular telephone, a wristwatch, or other electronic device (e.g., a portable device, handheld device, etc.).”

If it were to create a foldable iPhone screen, Apple could likely use similar technology in its other products like Mac computers and Apple Watch.

Get Data Sheet, Fortune’s technology newsletter.

Apple isn’t the only company reportedly interested in foldable smartphones. Samsung is also rumored to be working on a foldable version of its Galaxy branded smartphones.

It should be noted that just because Apple has applied for a patent, doesn’t mean that it will indeed create a foldable iPhone. Companies routinely file and receive technology patents that never become actual products.

In any case, for people who just forked over $1,000 for a new iPhone X—don’t expect them to bend anytime soon.

Related Posts:

  • No Related Posts

Waymo Seeks Delay of Uber Trade Secrets Trial Over New Evidence

Alphabet’s (goog) Waymo self-driving car unit asked a U.S. judge on Monday to postpone an upcoming trade secrets trial against Uber Technologies (uber), so Waymo could investigate whether Uber withheld important evidence in the case.

The trial is currently scheduled to begin on Dec. 4 in San Francisco federal court. Waymo said it learned of new evidence last week after the U.S. Department of Justice shared it with the judge overseeing the case.

The two companies are battling to dominate the fast-growing field of self-driving cars.

In its court filing on Monday, Waymo said it recently learned that a former Uber security analyst sent a letter to an Uber in-house lawyer more than six months ago, which contained important facts about the case.

Waymo’s court filing is partially redacted from public view, so the details of the analyst’s letter are unclear. However, Waymo said Uber concealed the letter despite demands from Waymo and the judge to disclose all relevant evidence.

Representatives for Uber could not immediately be reached for comment.

Waymo sued Uber in February, claiming that former Waymo executive Anthony Levandowski downloaded more than 14,000 confidential files before leaving to set up a self-driving truck company, called Otto, which Uber acquired soon after.

Uber denied using any of Waymo’s trade secrets. Levandowski has declined to answer questions about the allegations, citing constitutional protections against self-incrimination.

For more about the Waymo-Uber lawsuit, watch Fortune’s video:

Earlier this year U.S. District Judge William Alsup, who is hearing the civil action brought by Waymo, asked federal prosecutors to investigate whether criminal theft of trade secrets had occurred. That probe is being handled by the intellectual property unit of the Northern California U.S. Attorney’s office, sources familiar with the situation said. No charges have been filed.

Alsup disclosed last week that he had received a letter from prosecutors, which he did not reveal. However, Alsup ordered the former Uber security analyst, the Uber in-house lawyer and another witness to appear in court on Tuesday at a final pretrial conference.

It is unusual for prosecutors to share information with a judge days before a civil case is set to begin.

Alsup already delayed the trial once before, in October, citing Waymo’s need to probe separate evidence Uber had not promptly disclosed.

Related Posts:

  • No Related Posts

Black Friday, Thanksgiving online sales climb to record high

CHICAGO (Reuters) – Black Friday and Thanksgiving online sales in the United States surged to record highs as shoppers bagged deep discounts and bought more on their mobile devices, heralding a promising start to the key holiday season, according to retail analytics firms.

Customers push their shopping carts after making a purchase at Target in Chicago, Illinois. REUTERS/Kamil Krzaczynski

U.S. retailers raked in a record $7.9 billion in online sales on Black Friday and Thanksgiving, up 17.9 percent from a year ago, according to Adobe Analytics, which measures transactions at the largest 100 U.S. web retailers, on Saturday.

Adobe said Cyber Monday is expected to drive $6.6 billion in internet sales, which would make it the largest U.S. online shopping day in history.

In the run-up to the holiday weekend, traditional retailers invested heavily in improving their websites and bulking up delivery options, preempting a decline in visits to brick-and-mortar stores. Several chains tightened store inventories as well, to ward off any post-holiday liquidation that would weigh on profits.

TVs, laptops, toys and gaming consoles – particularly the PlayStation 4 – were among the most heavily discounted and the biggest sellers, according to retail analysts and consultants.

Commerce marketing firm Criteo said 40 percent of Black Friday online purchases were made on mobile phones, up from 29 percent last year.

No brick-and-mortar sales data for Thanksgiving or Black Friday was immediately available, but Reuters reporters and industry analysts noted anecdotal signs of muted activity – fewer cars in mall parking lots, shoppers leaving stores without purchases in hand.

People shop for items in Macy’s Herald Square in Manhattan, New York. REUTERS/Andrew Kelly

Stores offered heavy discounts, creative gimmicks and free gifts to draw bargain hunters out of their homes, but some shoppers said they were just browsing the merchandise, reserving their cash for internet purchases. There was little evidence of the delirious shopper frenzy customary of Black Fridays from past years.

However, retail research firm ShopperTrak said store traffic fell less than 1 percent on Black Friday, bucking industry predictions of a sharper decline.

A cashier handles money in Macy’s Herald Square in Manhattan, New York. REUTERS/Andrew Kelly

“There has been a significant amount of debate surrounding the shifting importance of brick-and-mortar retail,” Brian Field, ShopperTrak’s senior director of advisory services, said.

“The fact that shopper visits remained intact on Black Friday illustrates that physical retail is still highly relevant and when done right, it is profitable.”

The National Retail Federation (NRF), which had predicted strong holiday sales helped by rising consumer confidence, said on Friday that fair weather across much of the nation had also helped draw shoppers into stores.

The NRF, whose overall industry sales data is closely watched each year, is scheduled to release Thanksgiving, Black Friday and Cyber Monday sales numbers on Tuesday.

U.S. consumer confidence has been strengthening over this past year, due to a labor market that is churning out jobs, rising home prices and stock markets that are hovering at record highs.

Reporting by Richa NaiduEditing by Marguerita Choy

Our Standards:The Thomson Reuters Trust Principles.

Related Posts:

  • No Related Posts

U.S. prosecutors' letter spurred orders in self-driving car lawsuit

SAN FRANCISCO (Reuters) – The judge overseeing a lawsuit between Uber Technologies Inc [UBER.UL] and Alphabet Inc’s (GOOGL.O) Waymo self-driving car unit issued a series of orders this week, prompted by information shared with him by the U.S. Department of Justice.

FILE PHOTO: The Uber logo is seen on a screen in Singapore August 4, 2017. REUTERS/Thomas White/File Picture

U.S. District Judge William Alsup in San Francisco disclosed on Wednesday that he had received a letter from Justice Department attorneys about the case, which is set for trial in December. The judge did not reveal the letter’s contents.

However, Alsup issued two subsequent orders, including one on Saturday, that discussed some details. He ordered Uber to make three witnesses, including a former Uber security analyst and a company attorney, available to testify on Tuesday at a final pretrial hearing. Trial is scheduled to begin on Dec. 4.

It is unusual for the Justice Department to share information with a judge days before a civil case is set to begin.

Earlier this year Alsup, who is hearing the civil action brought by Waymo, asked federal prosecutors to investigate whether criminal theft of trade secrets had occurred. That probe is being handled by the intellectual property unit of the Northern California U.S. Attorney’s office, sources familiar with the situation said. No charges have been filed.

Representatives for Waymo, Uber and the Justice Department declined to comment. The former Uber security analyst could not be reached for comment.

FILE PHOTO: The Waymo logo is displayed during the North American International Auto Show in Detroit, Michigan, U.S., January 8, 2017. REUTERS/Brendan McDermid/File Picture

Waymo sued Uber in February, claiming that former Waymo executive Anthony Levandowski downloaded more than 14,000 confidential files before leaving to set up a self-driving truck company, called Otto, which Uber acquired soon after.

Uber denied using any of Waymo’s trade secrets. Levandowski has declined to answer questions about the allegations, citing constitutional protections against self-incrimination.

Since the case began, Uber said its personnel have spent thousands of hours scouring its servers and other communications devices but have not found Waymo trade secrets.

In an order on Friday, Alsup referred to a former Uber security analyst in connection with the letter from the U.S. Attorney’s office and to certain “devices” the former employee said were maintained by Uber.

Alsup asked Uber to disclose whether it had searched those devices for relevant evidence in the case.

Reuters is part of a media coalition seeking to maintain public access to the trial.

Reporting by Dan Levine; Editing by Sue Horton and Marguerita Choy

Our Standards:The Thomson Reuters Trust Principles.

Related Posts:

  • No Related Posts

U.S. online sales surge, shoppers throng stores on Thanksgiving evening

(Reuters) – U.S. shoppers had splurged more than $1.52 billion online by Thanksgiving evening, and more bargain hunters turned up at stores this year after two weak holiday seasons as retailers opened their doors early on the eve of Black Friday.

A customer loads her shopping cart during the Black Friday sales event on Thanksgiving Day at Target in Chicago, Illinois, U.S. November 23, 2017. REUTERS/Kamil Krzaczynski

At the start of the holiday season consumer spending rose 16.8 percent year-over-year until 5 p.m. ET on Thursday, according to Adobe Analytics, which tracked 80 percent of online transactions at the top 100 U.S. retailers.

Surging online sales and a shift away from store shopping have thinned the crowds typically seen at stores on Thanksgiving evening and the day after, Black Friday, for the past two years. But a strong labor market, rising home prices and stock markets at record highs have improved shopper appetite this year.

Crowds at stores in many locations around the country were reported to be strong, according to analysts and retail consultants monitoring shopper traffic across the U.S.

“The turnout is clearly better than the last couple of years,” said Craig Johnson, president of Customer Growth Partners. “The parking lots are full and the outlet malls are busy.”

The retail consultancy has 20 members studying customer traffic in different parts of the country.

Moody’s retail analyst Charlie O’ Shea, who was in Bucks County, Pennsylvania, reported healthy traffic at local stores including consumer electronics chain Best Buy, clothing store Old Navy and retailer Kohl’s Corp.

“The weather is cooperating and people here are out,” he said.

Customers shop during the Black Friday sales event on Thanksgiving Day at Target in Chicago, Illinois, U.S., November 23, 2017. REUTERS/Kamil Krzaczynski

The National Retail Federation is projecting that sales for November and December will rise 3.6 percent to 4 percent this year, versus a 4 percent increase last year. Non-store sales, which include online sales and those from kiosks, are expected to rise 11 percent-15 percent to about $140 billion.

In New Jersey, around 50 people lined up a Macy’s at the Westfield Garden State Plaza mall before it opened and around 200 people stood outside the Best Buy store, many to pick up their online orders.

Slideshow (9 Images)

“Me and my husband have a bigger place and we need a bigger TV for the living room,” said Jenipher Gomes, who bought a 50-inch Samsung TV at Best Buy for $399.99. Shopper Hammad Farooq said he waited at the store for an hour to shop for laptops and monitors.

In Chicago, shoppers appeared to be slightly less enthusiastic to emerge from their turkey slumber and crowds were thin along the city’s popular shopping destination, State Street.

“There’s a few more people than normal but I wouldn’t call this crowded at all,” Deloitte auditor Eugenia Liew said as she shopped at discount retailer Target. “I expected a lot more people.”

The holiday season spanning November and December is crucial for retailers because it can account for as much as 40 percent of annual sales. Retailers try to attract shoppers with deep discounts.

Average discounts ranged between 10 and 16 percent with the best deals online on Thanksgiving evening available for computers, sporting goods, apparel and video games, according to date from Adobe.

The number of customers shopping on their smartphones surged, accounting for 46 percent of the traffic on retail websites, while traffic from desktop and laptop computers declined 11 percent and nearly 6 percent respectively, according to the data.

Reporting by Richa Naidu in Chicago and Nandita Bose in West Hartford, Connecticut; Additional reporting by Jenna Zucker in New Jersey; Editing by Susan Thomas

Our Standards:The Thomson Reuters Trust Principles.

Related Posts:

  • No Related Posts

Uber’s Cover-Up of Its Massive Data Breach May Lead to E.U. Investigations

(BRUSSELS) – European Union privacy regulators will discuss ride-hailing app Uber‘s massive data breach cover-up next week and could create a task-force to coordinate investigations.

Uber faces regulatory scrutiny after CEO Dara Khosrowshahi said the company covered up a data breach last year that exposed personal data from around 57 million accounts.

The chair of the group of European data protection authorities – known as the Article 29 Working Party – said on Thursday the data breach would be discussed at its meeting on Nov. 28 and 29.

While EU data protection authorities cannot impose joint sanctions, they can set up task-forces to coordinate national investigations.

When a new EU data protection law comes into force next May, regulators will have the power to impose much higher fines – up to 4 percent of global turnover – and coordinate more closely.

Uber paid hackers $100,000 to keep secret the massive breach.

The stolen information included names, email addresses and mobile phone numbers of Uber users around the world, and the names and license numbers of 600,000 U.S. drivers, Khosrowshahi said. Uber declined to say what other countries may be affected.

For more on the Uber data breach, see Fortune’s video:

“We cannot but voice our strong concern for the breach suffered by Uber, which was reported belatedly by the U.S. company. We initiated our inquiries and are gathering all the information that can help us assess the scope of the data breach and take the appropriate steps to protect any Italian citizens involved,” said Antonello Soro, President of the Italian Data Protection Authority on Wednesday.

The British data protection authority also said the concealment of the breach raised “huge concerns” about Uber‘s data policies and ethics.

Long known for its combative stance with local taxi regulators, Uber has faced a stream of top-level executive departures over issues from sexual harassment to data privacy to driver working conditions, which led its board to remove Travis Kalanick as CEO in June.

Related Posts:

  • No Related Posts

WIRED's Product Reviews Have a New Look, and a New Mission

Here at WIRED, we approach product reviews a little differently than everyone else. There are literally dozens of places on the web where you can scan all the specs and read about every feature in a new phone or a new speaker. But we try to be more helpful than that. When we write a product review, we tell you what an object is trying to achieve, how it could potentially fit into your life, and whether it’s worth caring about—or buying.

Since this publication’s birth in 1993, we’ve been bringing you coverage not only of the latest mainstream products like smartphones and TVs but also the crazy, boundary-pushing stuff. WIRED is probably the first place you read about 3-D printers and VR headsets. While much has changed over these 25 years, we’re still intent on reviewing the best products (and the gloriously odd ones) with insight, wit, and expertise. Personal technology is always marching off into unfamiliar territory. From autonomous robot vacuums to headphones that do real-time language translation to a smartphone that lets you authenticate your identity using your face, we’re here to help you navigate these new frontiers.

So, we’ve got some good news. We’re expanding our coverage to include even more product reviews. By widening our purview and testing more products across a broader range of categories, we’ll be able to help you make informed buying decisions about more things in your life. We’ve hired a staff of expert product reviewers who will be able to recommend the best cameras, parenting products, headphones, e-readers, computers, and outdoors gear, among other things.

As part of this expansion, we’re also making our product review pages more beautiful. The reviews pages now show more useful information, and they’ll be easier to read and navigate.

What’s New

Most of the changes to the redesigned product review pages are right at the top. We’ve increased the visibility of our rating, the item’s price, and the WIRED/TIRED block where we list the products’ successes and stumbles.

On some reviews, you’ll also see a new badge—something we call WIRED Recommends. This is an award we give to only the best products we’ve tested, the stuff we really love. It’s not just the items that earn the highest numerical rating, either. Only products that excel in design, technology, or value will earn that badge. This makes WIRED Recommends more than just an award; it’s a filter to get right to the gear we think truly rocks.

Also right at the top is a big blue “Buy Now” button that leads you to a storefront where you can purchase whatever amazing thing we’re telling you about. That button often leads to retailers with whom WIRED has an affiliate relationship. This is an important revenue stream for us—and it helps fund the journalism that we do, not just on the product reviews desk but across the whole organization, from our narrative stories in the magazine to our investigative online features.

A few things about the affiliate revenue we earn. First, we’re not shy about it. You can find an “Affiliate Links” disclaimer on the right-hand side of every product review. We think it’s important that publications are forthcoming about how they make money from their content. Second, this isn’t something we just tossed together to keep pace with our competitors. WIRED has had an affiliate revenue program in place for two years, and these changes you’re seeing this week are the result of careful study over that time. We’ve spent 24 months learning how this works and what’s appropriate, and now we feel like we can make these changes to our pages (and our buttons!) with confidence. Lastly, our affiliate relationships are managed by a business team that works separately from our writers and editors, and we will never let those relationships determine what products we review or recommend. We’re always going to prioritize reviewing products that are newsworthy, that add value to your life, and that make an impact in the world of consumer technology. We’ll never recommend something silly just so we can make a buck from Amazon.

You can read our full affiliate policy for more information. There are also instructions on that page that show you how to spot and disable our retail affiliate code if you want.

I think we’ve come a long way in our product coverage. We have more than 3,000 reviews in our database, a body of work that represents over 12 years of effort. I’ve seen us constantly improve our recommendations over that span of time. Our reviews are always getting more informative, more impactful, and more helpful. With this new design, I hope we can continue assisting you in make educated decisions about the beautiful, amazing, crazy things you surround yourself with.

Related Posts:

  • No Related Posts

Uber Hid 57-Million User Data Breach For Over a Year

By now, the name Uber has become practically synonymous with scandal. But this time the company has outdone itself, building a Jenga-style tower of scandals on top of scandals that has only now come crashing down. Not only did the ridesharing service lose control of 57 million people’s private information, it also hid that massive breach for more than a year, a cover-up that potentially defied data breach disclosure laws. Uber may have even actively deceived Federal Trade Commission investigators who were already looking into the company for distinct, earlier data breach.

On Tuesday, Uber revealed in a statement from newly installed CEO Dara Khosrowshahi that hackers stole a trover of personal data from the company’s network in October 2016, including the names and driver’s license information of 600,000 drivers, and worse, the names, email addresses, and phone numbers of 57 million Uber users.

As bad as that data debacle sounds, Uber’s response may end up doing the most damage to the company’s relationship with users, and perhaps even exposed it to criminal charges against executives, according to those who have followed the company’s ongoing FTC woes. According to Bloomberg, which originally broke the news of the breach, Uber paid a $100,000 ransom to its hackers to keep the breach quiet and delete the data they’d stolen. It then failed to disclose the attack to the public—potentially violating breach disclosure laws in many of the states where its users reside—and also kept the data theft secret from the FTC.

“If Uber knew and covered it up and didn’t tell the FTC, that leads to all kinds of problems, including even potentially criminal liability,” says Williams McGeveran, a data-privacy focused law professor at the University of Minnesota Law School. “If that’s all true, and that’s a bunch of ifs, that could mean false statements to investigators. You cannot lie to investigators in the process of reaching a settlement with them.”

The Hack

According to Bloomberg, Uber’s 2016 breach occurred when hackers discovered that the company’s developers had published code that included their usernames and passwords on a private account of the software repository Github. Those credentials gave the hackers immediate access to the developers’ privileged accounts on Uber’s network, and with it, access to sensitive Uber servers hosted on Amazon’s servers, including the rider and driver data they stole.

While it’s not clear how the hackers accessed the private Github account, the initial mistake of sharing credentials in Github code is hardly unique, says Jeremiah Grossman, a web security researcher and chief security strategist at security firm SentinelOne. Programmers frequently add credentials to code to allow it automated access to privileged data or services, and then fail to restrict how and where they share that credential-laden software.

“This is all too common on Github. It’s not a forgiving environment,” says Grossman. He’s far more shocked by the reports of Uber’s subsequent coverup. “Everyone makes mistakes. It’s how you respond to those mistakes that gets you in trouble.”

Who’s Affected

Uber’s count of 57 million users covers a significant swath of its total user base, which reached 40 million monthly users last year. The company hasn’t notified affected users, writing in its statement that it’s “seen no evidence of fraud or misuse tied to the incident,” and that it’s flagged the affected accounts for additional protection. As for the 600,000 drivers whose information was included in the breach, Uber says it’s contacting them now, and offering free credit monitoring and identity theft protection.

How Serious Is This?

Mass spills of names, phone numbers, and email addresses represent valuable data for scammers and spammers, who can combine those data points with other data leaks for identity theft, or use them immediately for phishing. The even more sensitive driver data that leaked may offer even more useful private information for fraudsters to exploit. All of it contributes to the dreary, steady erosion of the average person’s control of their personal information.

But it’s Uber, not the average user whose data it spilled, that may face the most severe and immediate consequences. The company has already fired its chief security officer, Joe Sullivan, who previously led security at Facebook, and before that worked as a federal prosecutor. By failing to publicly disclose the breach for over a year, the company has likely violated breach disclosure laws, and should be bracing for hefty fines in many states where its users live, as well as its home state of California, says the University of Minneapolis Law School’s McGeveran. (In statements on Twitter embedded above, former FTC attorney Whitney Merrill echoed that interpretation of those breach disclosure laws.) “I would not be surprised to see states pursuing Uber on that basis,” McGeveran says.

Former FTC attorney Whitney Merrill echoed that interpretation Tuesday on Twitter:

If the cover-up included making false statements to the FTC during its investigation of the 2014 breach—even though it was a separate incident—that could have even more dire consequences. Making false statements to the commission’s investigators, McGeveran points out, is a federal criminal offense. “This is not just a casual chat over a cup of tea. it’s a formalized investigative procedure,” McGeveran says. “They’re already being asked investigative questions by a government official. They not only know about the breach, but they’re allegedly paying hackers to cover it up. They presumably omit this 57 million person breach from their disclosure to the FTC.”

“If all of that is true,” McGeveran reiterates, “that’s huge.”

Related Posts:

  • No Related Posts