Hackers stole the private data of 57 million customers and drivers of Uber Technologies in a massive breach that occurred in October 2016. The incident, which included a $100,000 (£75,000) payment to the hackers to keep quiet and delete the data (oh, sure!), was concealed by executives for more than a year.
This week, Uber came forward with the story. The company also announced that they’d fired the chief security officer and deputies for covering up the incident. They are very sorry. Another month, another Uber scandal.
The attack compromised names, email addresses and phone numbers, but no social security numbers, trip location details or other data was taken, something for which we can give thanks (not really!).
Uber is not the first global brand to fall victim to a major data breach of late. The company joins an unfortunately long list of massive security breaches, including Target, Yahoo and, most recently, Equifax.
What truly separates this scandal from the pack is the concealment of the incident. Uber’s co-founder and former CEO, Travis Kalanick, knew about the hack in November 2016, one month after it took place. Kalanick, who is NOT known for his strong moral compass, took extreme measures to conceal the information from the public, something to which the new CEO, Dara Khosrowshahi, “will not make excuses for.”
You guys, it get’s worse. This isn’t Uber’s first ride on the concealed data breach train. In January 2016, the company was fined $20,000 (£19,000) by the New York attorney general for failure to disclose a 2014 data breach incident. So, during the time of the October 2016 breach, the ride-hailing service was already in the process of negotiating with the FTC about the handling of private data. Despite being aware of the new massive hack during this time, Kalanick declined to bring up the hack at the table. I’m sure it just never came up!
Just a reminder to all businesses out there: there are many state and federal laws that require companies to alert people and government agencies when these breaches occur. Uber acknowledged it was obligated to report the hack and failed to do so. Yeah, we know.
The company promises to do better. For starters, Uber has brought in a former general counsel at the National Security Agency and director of the National Counterterrorism Center to advise its security teams.
So there’s that. While this isn’t the biggest data breach that’s ever rocked the global business world, it certainly feels like one of the shadiest. Looks like I’ll be deleting my Uber app once again.