The convenient workaround – paying the hackers
It seems that now misfortune of data breach has descended on Uber, well-known ride-hailing company specializing in driving apps. The company has tried to conceal the major data leak which encompassed 57 million users’ data. The biggest problem is that the incident took place in 2016 and it was disclosed only now. Another compromising fact is that the company remitted the payment of $100,000 to the hackers so that they would remain silent about the acquired “trophy.”
The stolen data
Users’ names, email addresses, driver’s license numbers, and phone numbers of 50 million users and 7 million drivers were said to comprise the stolen information. Fortunately, no security numbers and credit card personal details were compromised.
Instead of reporting the incident, the company chose a supposedly shorter route – paying the perpetrators. On the other hand, the fact eventually came into daylight. The massive amount of stole data and the attempt to conceal the data breach resulted in the sue for negligence.
Before the data breach, the company had the lawsuit over data security vulnerabilities and negotiations with the Federal Trade Commission (FTC) over the consumers' data management. Uber Technologies Inc. tried to come to an agreement with the FTC on privacy settlement.
Interestingly, it isn’t the first data breach involving company’s name. In January 2016, the company was fined $20,000 for a less significant data breach which took place in 2014. Uber informed the attorney about the recent major data breach only on Tuesday, November 21, though the company's security team was aware of it in November 2016, a month after the incident.
Ruined reputation in a moment
The statement of the Uber CEO Dara Khosrowshahi seems quite contradicting. After taking over the post in September 2017, he said that the things were about to change how they did the business. He did not try to evade any responsibility for the concealment of the data breach.
The company has been expanding since its foundation in 2009. The convenient rating system of drivers and utilities in Uber app earned sufficient the acknowledgement among users. Now it may be the topic of debate how the company will be able to save its reputation after such failure.
In order to redeem their fault, Uber Technologies Inc offers free credit card protection for the owners of leaked driving license numbers.
In addition, it also hired a former general counsel at the National Security Agency and director of the National Counterterrorism Center Matt Olsen. His assistance is said to restructure cybersecurity system in the company. Perhaps the company will learn its lesson since the wake-up calls about security issues occurred already in 2014.