$148m fine for Uber data breach cover-up
Back in 2016, hackers stole the personal data of 57 million customers and drivers from Uber Technologies in a massive data breach, which the company proceeded to conceal for more than a year. Uber swiftly sacked its chief security officer and one of his deputies for their roles in keeping the data breach hidden and also for making a ransom payment to the hackers in the form of a $100,000 transfer.
Compromised data from the October 2016 hack included the names, email addresses and phone numbers of 50 million Uber riders. The personal information of approximately 7 million drivers was also accessed, including approximately 600,000 driver’s licence numbers.
David Emm, Principal Security Researcher at Kaspersky Lab, comments on the latest development: “It comes as no surprise that Uber is facing a hefty fine following its breach last year when hackers were paid $100,000 by the organisation to keep it quiet. In a breach where 2.7m people in the UK were affected, it was a reprehensible offence to pay off hackers to avoid public backlash.
“Customers that entrust private information to the care of a business should be safe in the knowledge that their data is being kept in a secure manner. For example, British Airways handled its data breach in an exemplary manner, ensuring it took the necessary precautions to inform its customers in response to the breach.
“Businesses need to ensure that they have sufficient security solutions in place, and that if they do face a data breach, they inform their customers and supply them with information to assist them during that time. It is also crucial that businesses review processes regularly to ensure that they don’t pose a security risk.
“Whilst security solutions significantly mitigate the risk of a successful attack, there are also other measures that businesses can take in order to provide thorough protection. These measures include running fully updated software, performing regular security audits on their website code and penetration testing their infrastructure. Alongside this, all passwords should be protected using secure hashing and salting algorithms.
“The best way for an organisation to combat cyber-attacks is by putting in place an effective cybersecurity strategy before that company becomes a target.”