A massive data breach that affected 57 million customers was not disclosed to those individuals last year.
A massive Uber security breach that occurred in 2016 allowed hackers to get their hands on the personal information of 57 million customers. The handling of the event was poor enough that some of the company’s key security department personnel – including its head – have been fired.
So far, Uber hasn’t released many details regarding the original handling of the data breach.
The company’s press release on the topic did mention that neither the regulatory authorities nor the affected customers were adequately notified of the cyber security breach and proper protocol was not followed. Joe Sullivan, the Uber security chief, was fired, as was at least one other individual who played a central role in the way the rideshare company managed the cyber attack.
A recent Bloomberg report indicated that Uber dealt with the situation by paying the cyber criminals $100,000 to delete the files before sharing or backing them up. After that, the company kept its mouth closed about the event’s ever having happened.
The Uber security breach occurred when two hackers managed to crack into the company’s customer files.
The cyber criminals did not target the corporate infrastructure of the rideshare company. Instead, they went directly for data stored within a third party cloud storage service. Through that storage channel, the hackers were able to download a massive amount of Uber customer personal information. This included the names and telephone numbers of approximately 57 million people. It also included about 600,000 Uber driver files, including their driver’s license data.
At the time of the event, the company did attempt to take steps to protect the stolen customer and driver data. These efforts were significant enough that even the company’s CEO, Dara Khosrowshahi only just recently discovered that the cyber attack had happened last year. Once Khosrowshahi found out what had happened, more appropriate procedures were followed.
This included firing those individuals who had known about the cyber attack and who handled it improperly. It also involved providing affected drivers with free fraud protection and credit monitoring. The regulatory authorities were notified of the Uber security breach, as was the public and all affected individuals.