
Uber, known to many globally for their hailing app, have recently come clean about a data breach that took place in October 2016.

The Breach

The breach, which happened in October 2016, is reported to have affected the personal details of 57 million customers and drivers globally. It was also kept quiet: neither the affected parties nor the authorities and regulators were informed.

Uber have also admitted that they paid $100,000 to the hackers to ensure the data was deleted. Dara Khosrowshahi, CEO of Uber, stated the company had “obtained assurances that the downloaded data had been destroyed”.

The Data

The information that hackers managed to steal from the system included the names, email addresses and phone numbers of customers, and the names and driver license numbers of around 600,000 drivers.

It is believed that hackers managed to gain access to Uber’s Amazon Web Services (AWS) account. The data was reportedly kept in an unencrypted format, meaning that the hackers would have been able to read the information straight away.

Consequences

The UK’s data watchdog has raised concerns about the cover-up. Under current legislation, any firm that operates in the UK can be fined up to £500,000 for failing to inform users if their data is stolen, because it is an offence under the Data Protection Act.

Going forward, with GDPR being launched next year, the most serious of breaches can bring fines of £17 or 4% of global turnover, whichever is the higher amount. There are other risks to Uber, such as the right of the ICO to remove a company's ability to process data.

What has Uber had to say

Uber has been fairly limited in their comments so far about the case. The new CEO Dara Khosrowshahi has said the following: “None of this should have happened, and I will not make excuses for it.” “You may be asking why we are just talking about this now, a year later.” “I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it.” “While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”

Uber also stated that they’ve started the process of notifying the relevant regulators, but this was the last comment made on the situation.

Further Reading

For more information, please visit: https://www.theguardian.com/technology/2017/nov/21/uber-data-hack-cyber-attack