Colombia has given ride-hailing app Uber Technologies four months to improve its data security, the commerce regulator said on Tuesday, after a 2016 data breach affected more than 260,000 of the South American country’s residents.
Last year, Uber agreed to pay a fine of $148 million in a settlement reached in the United States for failing to disclose the massive breach.
The settlement followed a 10-month investigation into the breach, which exposed personal data from around 57 million accounts, including 600,000 driver’s license numbers.
Uber is popular in Colombia even though the government says its use is illegal. The country has not yet specifically regulated transport services like Uber, but has said it will suspend for 25 years the licenses of drivers caught working for the platform.
Of those whose data was compromised by the breach, some 267,000 are Colombian residents, the Superintendency of Industry and Commerce said in a statement, adding that Uber will have four months to show it is protecting users from fraudulent or unauthorized access to their accounts, among other things.
The company should also develop a protocol for handling future data security breaches, training for its staff on the issue, and put in place a permanent monitoring system to determine whether the new measures are adequate, the regulator said.
The required improvements must be certified by an independent third party chosen by Uber, the statement said, and will continue to be monitored for five years.
Uber’s Colombia office said in a statement it has already shown local authorities that it has “implemented various technological improvements to the security of our systems” in 2016 and after.
“We have also implemented significant changes in our corporate structure, to ensure the respective transparency in front of regulators and users in the future,” it added.
The company said in May it will spend $40 million over five years to open its third Latin American support center in Bogota in September.