Uber hacked, didn't say a word for a year

Adjust Comment Print

Uber suffered a data breach back in October 2016 that affected tens of millions of people, and it is just now letting the public know about it, as 2018 rolls into view.

Under new data protection rules that come into force in the European Union next May, companies will have to identify and notify regulators of data breaches within 72 hours or face significantly increased penalties. "We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts", he said.

Bloomberg reported that Uber paid them $100,000.

There, hackers found the username and password to access Uber user data stored in an Amazon server.

A GitHub spokeswoman said the hack was not the result of a failure of GitHub's security.

Hackers hit Uber, exposing the critical information of 57 million people who use the popular ride-share service. "We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed".

Law enforcement advises companies to not pay hackers and report breaches to the authorities.

And even the SEC has faced security issues of its own.

"Sadly, it's all too common that developers are allowed to copy live production data for use in development, testing and QA". ("In the past, we were a bit aggressive", he told a Brazilian newspaper.) And now the mishandled data breach. Neither firm paid the extortionists.

State Attorneys General from NY and MA have opened investigations into the data breach.

Uber admitted that it failed to take the correct actions.

Charlie Rose Is Accused Of Sexual Harassment By Eight Women
In a statement posted to Twitter , the veteran host said: "I deeply apologise for my inappropriate behavior". Rose could not immediately be reached on Tuesday, but on Monday apologised for his "inappropriate behaviour".

A spokesman for Transport for London, which this year announced it would not be renewing Uber's licence in the capital, said: "We are working to gain clarity from Uber on whether any of the issues seen in the United States have occurred here".

Uber is now negotiating a deal with a consortium led by SoftBank and Dragoneer Investment Group that plans to inject $1bn to $1.25bn into Uber, according to Reuters, but industry commentators said the reportedly tough negotiations could get tougher in the light of news of the breach. Did Uber security have any monitoring in place to alert them when such vast amounts of data were accessed?

It later said only about 8,000 Canadians were affected. "Deliberately concealing breaches from regulators and citizens could attract higher fines for companies", said Dipple-Johnson.

The company has not yet revealed where in the world these users and drivers were.

But viewing this data breach cover up as an incident that only Uber could commit misses the writing on the wall. And the theft of customer data offers one more reason for people to switch to Lyft Inc., which was quickly gaining market share in the USA before expanding to Canada this month, or another local ride-hailing app.

The concerns are not only limited to the breach itself; the strongest ire is coming from regulators over how Uber handled the cyberattack. "The cost of dealing with this - they're going to have lawsuits and legal fees", Grossman said.

"Companies get punished for that", Rubin said. He was replaced in August by former Expedia boss, Dara Khosrowshahi.

A stream of executives have left Uber in recent months amid controversies involving sexual harassment, data privacy and business practices in Asia. "What I learned, particularly around our failure to notify affected individuals or regulators a year ago, has prompted me to take several actions", Khosrowshahi stated in a blog post.

"Effective today, two of the individuals who led the response to this incident are no longer with the company", he said.

It recently fired Joe Sullivan, its chief security officer, and deputy Greg Clark for their handling of the incident.