Uber was hacked October 2016 in a massive global breach and the company is only acknowledging this Tuesday. The Uber hack spanned the personal information of 57 million customers and Uber failed to notify individuals and regulators.
At the time of the incident, the company was negotiating with U.S. regulators investigating claims of privacy violations. Instead of properly reporting the Uber hack, the company paid the hackers to delete the data and cover-up the breach.
“None of this should have happened, and I will not make excuses for it,” Uber new CEO Dara Khosrowshahi said in a statement. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
Dara assured that at the time of the attack, the company took immediate steps to secure the data, and they also identified the individuals behind the breach and obtained assurances that the stolen downloaded data has been destroyed.
The Guardian, quoted Chris Hoofnagle of the Berkeley Center for Law and Technology:
“The only way one can have direct liability under security breach notification statutes is to not give notice. Thus, it makes little sense to cover up a breach.”
According to Bloomberg, here is how the attack went: “Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.”
Note About Resources:
Listing resources is a new initiative that we are trying at SecurityNews.io after some followers expressed interest in combating fake news. If you have any feedback, please share with Mohamad. We only grow as a community because of YOU.