Uber data breach from 2016 revealed along with cover up.
When it comes to making an Uber mistake, there’s no-one with a better-suited name to do so than smartphone-based “ride-hailing” company Uber. This morning it was confirmed that an Uber data breach took place making them another victim of a cyber attack, but not recently. The company shocked customers and investors by announcing that Uber concealed a hack that obtained the information belonging to 57 million customers and drivers.
Uber’s former Chief Executive Travis Kalanick knew about the cyber breach over a year ago, the attack saw that 600,000 drivers had their names and licence details exposed and Uber have provided them with free credit monitoring protection but Uber’s statement states that affected customers will not be given the same.
“We do not believe any individual rider needs to take any action. We have seen no evidence of fraud or misuse tied to the incident. We are monitoring the affected accounts and have flagged them for additional fraud protection.” – Uber Support
How were Uber hacked?
It is currently understood from Bloomberg’s report on the matter that two hackers gained access to a private area of the online resource for developers called “Github”. From there the hackers found Uber’s login credentials for Amazon Web Services (AWS) which is a cloud computing service used by multiple companies online to store all sorts of data, including apps. This caused the Uber data breach.
Uber is also in hot water as companies are required to disclose data breaches to different regulators, which Uber has failed to do. When the company failed to do this in 2014, they were fined $20,000 due to the failure to comply with their duty of care.
How did they solve it?
They paid the hackers. Paying the hackers $100,000 (£75,000) to delete and destroy the data files, to keep the data breach quiet from customers. Coming as a huge disappointment to customers, not only did they pay the hackers, but they followed to cover it up like it never happened. This payment was not in the form of Ransomware either, which you can read about on our blog. Uber has confirmed the data has been destroyed so it is unlikely a customer will suffer from a financial loss, but with previous cover-ups and shady actions, it’s hard to believe them at this time.
“None of this should have happened, and I will not make excuses for it.” Dara Khosrowshahi
He also stated that the downloaded information has been destroyed and they have improved their security along with firing two of their employees responsible for the failure to respond in 2016. With cyber attacks being quite common in this day and age, most will find the breach understandable, but the focus of the public is on the cover-up and their failure to provide a duty of care, especially at a time where Uber is constantly playing catch-up with their other PR disasters this year. From the TfL contract negotiations, #DeleteUber in January, Lawsuits with Google, Sexual Harassment scandal, ties with the Trump administration, CEO Kalanick arguing with Uber driver on fares, underpaying drivers and sexism in Uber’s workplace. Basically, they’ve got a lot of apologising and cleaning up to do before customers are willing to trust them.
The financial impact of a cyber attack is huge. Are you protected?
Even with top of the line cybersecurity, as we’ve seen in the past it’s often not always enough to keep hackers out of your business information. Cyber insurance is a specialist insurance policy which has been designed to help protect businesses and helps them recover in the event of a cyber incident. These incidents can come in many forms and can have devastating consequences for businesses. Cyber insurance can help businesses by offering cover for Hardware, Data Corruption, Cyber liability and crime, Data Breach expense and Loss of income.