Hacking Uber: Threatening Implications of Malicious Attacks to its Customers
Uber concealed information for more than a year that hackers had stolen the personal data of 57 million Uber users and drivers.
In a statement on the 2016 attack, Uber also published resources for riders and drivers.
Apparently, two people were responsible for the hack on a third-party cloud service.
The statement said the duo stole names and driver’s license numbers of around 600,000 drivers in the U.S., as well as rider names, email addresses, and mobile phone numbers.
Fortunately, other information like location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth do not appear to have been stolen.
“All affected drivers will get free credit monitoring and identity theft protection.
“None of this should have happened, and I will not make excuses for it,” CEO Dara Khosrowshahi said in the statement.
Khosrowshahi was not with the company at the time of the hack attack, having joined as CEO just this fall.
The investigators found out that Uber paid the hackers $100,000 to delete the data and keep the breach quiet. They also did not report the incident.
The ride-hailing company also fired chief security officer Joe Sullivan who was previously a security boss at Facebook for his role in hiding the data breach.
“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals.
“Following this, we identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures,” Uber said in a statement.
However, it did not address the payment.
New York Attorney General Eric Schneiderman launched an investigation into the hack, according to Press Secretary Amy Spitalnick.
Earlier this year, Uber agreed to 20 years of privacy audits. This is just after the FTC said it had “failed consumers” after a 2014 data breach.
In that separate case, the FTC said Uber failed consumers by misrepresenting its security measures. Further, Uber failed to monitor its employees’ access to personal information about users and drivers. Such negligence has caused the breach into the users’ most personal data.
The data breaches, while small in comparison to Yahoo’s 3 billion-account cyberattack, is the latest of several missteps within the ride-hailing giant.
The company has fielded scrutiny over allegations of sexual harassment and workplace misconduct. Moreover, numerous executives have been sparring with the board of directors, as well as with regulators from London to Singapore.
Former CEO Travis Kalanick knew about the 2016 hack.
“You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it,” new CEO Khosrowshahi said of the breach.
The systems used by companies with all kinds of confidential data involved must be secured in the best possible way. IT security experts are one of the most important team members in the company to ensure data protection. Data security is crucial for every business, all data is important data, regardless of a company’s size.