Uber Covered up a Huge Data Breach

23/11/2017

It’s come to light that Uber concealed a massive hack that saw 57 million customers’ and drivers’ details fall into the wrong hands.

The £51bn transportation company breached data security laws by attempting to hide the 2016 hack.

The hackers were paid £75,000 to delete the data, which included names, e-mail addresses, mobile numbers and even licence details of the drivers.

Uber has set up a resource page for affected drivers.

Uber really should know better. In January it was fined £15,000 for failing to disclose a considerably less serious breach in 2014.

In the wake of the news, Uber’s chief security officer Joe Sullivan has left the company. Also, Uber’s former chief executive Travis Kalanick, who was in charge at the time of the hack, is under heavy pressure to explain his role in the cover-up.

Uber’s current chief executive, Dara Khosrowshahi, released the following statement:

“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”

Dara Khosrowshahi, Uber CEO

Dara Khosrowshahi certainly doesn’t have the easiest job in the world. Uber’s rapid growth has not been matched with the corporate responsibility required for a company of its size.

Repercussions

As well as the considerable damage to an already poor reputation, there could be serious legal and monetary consequences for this cover-up.

The UK, US, Australia and the Philippines are all launching investigations over the hack and its cover-up. The global nature of this breach leaves Uber open to potential liability in numerous jurisdictions. The foremost violation is of the requirement to inform individuals if their personal data has been compromised.

As is often the case, it will likely be the cover-up that proves more bothersome for Uber than the hack itself.

The Information Commissioner’s Office will be heading up the investigation for the UK. They’ve released the following statement:

“Deliberately concealing breaches from regulators and citizens could attract higher fines for companies.”

James Dipple-Johnstone, ICO Deputy Commissioner

With Uber currently negotiating an investment by Japanese conglomerate Softbank – thought to be worth up to £7.5bn – this latest crisis is terrible timing. This investment is significant for Uber because it will result in a much-needed reform of its board and help the business improve its corporate governance.

Rajeev Misra, a board director at Softbank, described progress on a deal with Uber as “long and arduous”.

With Uber’s latest problems, it may become a whole lot tougher.

The full extent of Uber’s punishment is yet to be seen. But one thing is for sure, they’re in very hot water… again!

A disastrous end to a terrible year

January: Fined £15,000 for failing to disclose a considerably less serious breach in 2014.

February: Former Uber engineer Susan Fowler speaks out about widespread sexual harassment and gender discrimination.

May: Uber admits it has for years been underpaying New York City drivers by tens of millions of dollars.

June: CEO Travis Kalanick resigns and Uber sacks 20 employees following an investigation into sexual harassment and workplace culture.

August: There are widespread reports that Uber used cars in Singapore that are fire-prone, despite knowing the cars’ safety drawbacks.

September: Uber loses its licence to operate in London due to a lack of corporate responsibility. The company is appealing the decision.

November: Uber admits concealing a massive hack that saw 57 million customers’ and drivers’ details fall into the wrong hands.

Avoid Reputational Damage

As well as the monetary loss, the reputational damage caused by being found in breach of the incoming GDPR legislation would be significant.

There are two ways we can help you avoid this:

ISO 27001 certification

We help hundreds of companies every year set up ISO 27001 information security management systems. Once in place, ISO 27001 helps prevent costly data breaches and keep clients’ data safe.

GDPR compliance check

One of our auditors will visit your business and take you through the key elements and changes, as well as the Action Plan we’ve designed to help interpret the GDPR legislation into straightforward actions.

GDPR Knowledge and Awareness e-learning course.

Our online course is efficient and effective to use. Taking only 60 to 90 minutes to complete, this e-learning will raise awareness of the risks and impact of GDPR regulations across all stakeholders in your organisation.

Free Introduction to GDPR course