Newsroom

Uber just Friday disclosed a nine-month-old data breach that affected potentially 50,000 drivers – one more example supporting NAFCU's call for Congress to pass national data security and breach notification standards for merchants.

According to reports, names and driver's license information on as many as 50,000 drivers who have used the Uber ride-hailing app was affected by a breach that occurred last May. Uber discovered the breach Sept. 17. It began telling customers about it Friday.

NAFCU President and CEO Dan Berger said this is further evidence of the need for Congress to enact data security standards for merchants.

"Credit unions and other financial institutions have a set of uniform standards they must follow under the 1999 Gramm-Leach-Bliley Act to protect consumers' nonpublic personal and financial data," said Berger. "It's clear there is a need for a set of national standards for merchants to help reduce the number of breaches, hold merchants accountable and facilitate corrective action earlier."

Congress is looking at legislation to facilitate information sharing between the private and government sectors; NAFCU is urging that data security and cybersecurity be addressed together.

NAFCU is a member of the Payments Security Task Force, a diverse group of participants in the payments industry that is driving a discussion on payments system security. It is also a member of the Financial Services Sector Coordinating Council and the Financial Services Information Sharing and Analysis Center, which work on infrastructure cybersecurity.