Uber suffered a cyber breach and paid $100,000 to cover it up
Uber have been in and out of the news in the last few months. From issues with their workers to licensing their product; they love controversy. The latest news to leave Uber HQ seems chaotic, even for them. In case you haven’t already heard, Uber have announced today that the data of 57 million passengers and drivers has been compromised. The information taken by the hackers include names, email addresses and phone numbers.
The real shock is that the hack occurred in October 2016. Hello, its November 2017, so why has it taken over 12 months to make it public? With Uber being an American company, the cynical amongst us may believe they waited for the country to be celebrating Thanksgiving to announce the breach. With everyone focused on enjoying a turkey dinner and being thankful for what they have, surely the scandal will have blow over by the time everyone returns to work? We don’t see this happening. Especially, as Uber reportedly paid the hackers $100,000 to silence them.
The company is headquartered in California, which means the delay in sharing the breach could cause issues with the authorities. California’s data security breach law requires disclosure in “the most expedient time possible and without unreasonable delay”. Over 12 months after the breach, it hardly seems expedient.
Of course, Uber CEO, Dara Khosrowshahi revealed the breach with a statement:
“I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use. The incident did not breach our corporate systems or infrastructure.
At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals. We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.
You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it.”
However, with the way Uber has handled the breach, it is going to be hard to convince the 600,000 drivers and 57 million customers affected that Uber operate an “honest and transparent” company. We will wait to see how this PR wreck handle the coming days, once they get over the ‘meat sweats‘!
Do you want to avoid a screw up like we have seen from Uber? Contact CounterHack today to find out how we can help.
