Just in time for Thanksgiving, yet another massive corporate data breach has surfaced. This week, we learned that in October 2016, hackers stole the private data of 57 million customers and drivers of Uber Technologies. The massive breach, which included a cool $100,000 payment from Uber to the hackers to keep quiet and delete the data (oh, sure!), was concealed for more than a year. Another month, another Uber scandal.
Yesterday, Uber came forward with the story. The attack compromised names, email addresses, and phone numbers, but no social security numbers, trip location details, or other data was taken, for which we can give thanks (not really!). The company also announced that they’d fired the chief security officer and deputies for covering up the incident.
Uber is not the first global brand to fall victim to a major data breach of late. The company joins an unfortunately long list of massive security breaches, including Target, Yahoo and, most recently, Equifax. What truly separates this scandal from the pack is the concealment of the incident. Uber’s co-founder and former CEO, Travis Kalanick, knew about the hack in November 2016, one month after it took place. Kalanick, who is NOT known for his strong moral compass, took extreme measures to conceal the information from the public, something the new CEO, Dara Khosrowshahi, “will not make excuses for.”
You guys, it gets worse. This isn’t Uber’s first ride on the concealed data breach train. In January 2016, the company was fined $20,000 by the New York attorney general for failure to disclose a 2014 data breach incident. So, during the time of the October 2016 breach, the ride-hailing service was already in the process of negotiating with the FTC about the handling of private data. Despite being aware of the new massive hack during this time, Kalanick declined to bring up the hack at the table. I’m sure it just never came up!
Just a reminder to all businesses out there: there are many state and federal laws that require companies to alert people and government agencies when these breaches occur. Uber acknowledged it was obligated to report the hack and failed to do so. Yeah, we know.
The company promises to do better. For starters, Uber has brought in a former general counsel at the National Security Agency and director of the National Counterterrorism Center to advise its security teams. So there’s that. While this isn’t the biggest data breach that’s ever rocked the global business world, it certainly feels like one of the shadiest.
Looks like I’ll be deleting my Uber app once again.