Uber Concealed Data Breach, 57m Customer’s Information Exposed

I am getting EQUIFAX flashbacks already, and just when I thought that I wouldn’t have to deal with headaches again. So, turns out that the people at Uber also failed to do security measures and got hacked. The data of over 57 Million users and Drivers got leaked and the company tried to conceal it. Because that worked out so well for the other guys, right?

Uber concealed a massive global breach of the personal information of 57 million customers and drivers in October 2016. They didn’t notify the individuals and regulators, until today, November 21 of 2017. They also paid over $100,000 to the hackers to delete the data and keep the breach quiet.

“None of this should have happened, and I will not make excuses for it,” Uber chief executive Dara Khosrowshahi said in a statement acknowledging the breach and cover-up. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”

Although this isn’t as severe as the Cybersecurity breach I am already sick of talking about. The Uber hack extracted personal data including names, email addresses and phone numbers, as well as the names and driver’s license numbers of about 600,000 drivers in the United States.

Data such as location data, credit card numbers, bank account numbers, social security numbers, and birth dates, had not been compromised. Dara also reassured that the company had “obtained assurances that the downloaded data had been destroyed” and improved its security.

However, the company’s “failure to notify affected individuals or regulators” had prompted him to take several steps, including the departure of two of the employees responsible for the company’s 2016 response. This includes the chief of security (At the time), Joe Sullivan.

The company’s failure to disclose the breach was “amateur hour”, said Chris Hoofnagle of the Berkeley Center for Law and Technology. “The only way one can have direct liability under security breach notification statutes is to not give notice. Thus, it makes little sense to cover up a breach.”

I really have not much else to say but, at the very least they apologized for their mishap. But what’s with companies and their lack of transparency in recent years? May I remind the readers that this was an event that happened a year and a month ago?