Uber Reveal $100,000 Data Breach

November 22 2017 | Published by Marie Stanley | Blog Industry News

Uber have been prominent in the news over the past year, with alleged exploitation and sexual assault claims along with Transport for London deciding not to renew their licence to operate in the city. They’ve made an appearance in the media once again, and it’s only more bad news.

Uber has confirmed that it concealed a major cyber security hack which is said to have affected 50 million customers and 7 million drivers in the United States back in October 2016.

The hack, which is said to have compromised personal data including names, email addresses, phone numbers and licence plates, was allegedly covered up by the company’s Chief Executive at the time, Travis Kalanick.

The company paid out $100,000 (£75,000) to hackers to have the data deleted and the breach covered up.

Kalanick stepped down as CEO in June of this year after major investors demanded his resignation.

Two employees from Uber are said to have been dismissed over the breach: Chief Security Officer Joe Sullivan and deputy Craig Clark.

Uber confirmed that no other data was accessed and that credit card details of its customers remain safe. It has also offered free identity theft protection and credit monitoring to those drivers whose licence numbers had been compromised.

Current Chief Executive, Dara Khosrowshahi, who took over in September 2017, issued a statement:

‘None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.’ [Source: The Guardian]

Chris Hoofnagle of the Berkeley Centre for Law and Technology commented:

‘The only way one can have direct liability under security breach notification statutes in the US is to not give notice. Thus, it makes little sense to cover up a breach.’ [Source: Bloomberg Technology]

Khosrowshahi commented that the data ‘...had been stolen from a third-party cloud-based service – understood to be Amazon Web Services, which the attackers accessed using legitimate passwords stolen via coding website GitHub.’ [Source: Sky News]

Uber joins a growing list of high-profile businesses that have been targeted in recent years, including the likes of Yahoo, Deloitte, Equifax and Bupa.