Uber Fell Victim to Hack Last Year

Yesterday, Uber disclosed a large-scale cyberattack that occurred in October of 2016 that exposed the confidential data of 57 million customers and drivers. This data included names, email addresses and phone numbers, as well as 600,000 drivers’ license numbers. Uber failed to alert victims or regulators of the breach when it was first discovered, and tried to cover up the hack. Former CEO Travis Kalanick was informed of the attack one month after it happened, but it was not publicly announced and was concealed by Chief Security Officer Joe Sullivan.

The hack was executed by two attackers who accessed a private coding site used by Uber software engineers. They then used login credentials they obtained on the coding site to access data stored on an Amazon Web Services account that handled computing tasks for the company, where they discovered rider and driver information. After collecting this data, they emailed Uber asking for money, and the company allegedly paid the hackers $100,000 to delete the data and not publicize the breach to media or regulators. Unfortunately, there is no way of knowing if the hackers actually deleted the data.

Luckily, no location history, credit card numbers, Social Security numbers, or dates of birth were involved in the hack, but Uber is providing free credit monitoring to those drivers who had their license numbers exposed.

Uber’s new CEO as of August, Dara Khosrowshahi, stated that once they discovered the data breach, they “took immediate steps to secure the data and shut down any further unauthorized access,” as well as “implement security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”

This is the second time since 2014 that Uber has been in hot water for failing to disclose a data breach, which is a problem when it comes to state laws regarding data breach disclosure practices.

Even though Uber is a huge company, businesses of any size can learn a lesson from this hack. Not only is it vitally important to secure data and have sufficient security measures in place, but it’s also important to know how to properly deal with a data breach if it were ever to occur in your business.

Feel free to contact us with any questions or concerns regarding your company’s data security.

Readers Comments

Uber Fell Victim to Hack Last Year

Yesterday, Uber disclosed a large-scale cyberattack that occurred in October of 2016 that exposed the confidential data of 57 million customers and drivers. This data included names, email addresses and phone numbers, as well as 600,000 drivers’ license numbers. Uber failed to alert victims or regulators of the breach when it was first discovered, and tried to cover up the hack. Former CEO Travis Kalanick was informed of the attack one month after it happened, but it was not publicly announced and was concealed by Chief Security Officer Joe Sullivan.

The hack was executed by two attackers who accessed a private coding site used by Uber software engineers. They then used login credentials they obtained on the coding site to access data stored on an Amazon Web Services account that handled computing tasks for the company, where they discovered rider and driver information. After collecting this data, they emailed Uber asking for money, and the company allegedly paid the hackers $100,000 to delete the data and not publicize the breach to media or regulators. Unfortunately, there is no way of knowing if the hackers actually deleted the data.

Luckily, no location history, credit card numbers, Social Security numbers, or dates of birth were involved in the hack, but Uber is providing free credit monitoring to those drivers who had their license numbers exposed.

Uber’s new CEO as of August, Dara Khosrowshahi, stated that once they discovered the data breach, they “took immediate steps to secure the data and shut down any further unauthorized access,” as well as “implement security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”

This is the second time since 2014 that Uber has been in hot water for failing to disclose a data breach, which is a problem when it comes to state laws regarding data breach disclosure practices.

Even though Uber is a huge company, businesses of any size can learn a lesson from this hack. Not only is it vitally important to secure data and have sufficient security measures in place, but it’s also important to know how to properly deal with a data breach if it were ever to occur in your business.

Feel free to contact us with any questions or concerns regarding your company’s data security.



backtotop