A hefty fine has been issued over the 2016 Uber cyber attack because of security flaws that, had they been addressed, could have prevented the breach in the first place.
The data for some 2.7m Uber customers in the UK was compromised, as were the records for over 80,000 drivers. The fine, issued by the ICO (Information Commissioner’s Office), is small in comparison to potential GDPR fines. This is because the cyber attack took place in 2016 before the new rules came into force.
Had the cyber attack happened this year, Uber could have faced fines in the millions.
The Uber data breach was a clear lesson in how NOT to handle a cyberattack. When the hackers contacted Uber by email, back in November 2016, they demanded a six-figure sum to destroy the wealth of data they’d stolen, so that news of the breach would quietly fade away once the bribe had been paid.
Instead of dealing with the data breach in the appropriate way, Uber decided to pay off the hackers and cover up the breach. A payment of $100,000 was reportedly made to the two hackers, and employees responsible for the security issue passed the whole thing off as a “bug bounty” program, which is where hackers are offered money to try and find weaknesses.
In reality, they were simply hacked, and Uber have not only paid the heavy price of the bribe, but also the cost of handling the crisis thereafter.
Car-sharing company Uber Technologies is facing further questioning from governments, which are demanding answers over alleged violations of multiple laws and regulations stemming from the 2016 Uber data breach that saw a reported 57 million customers and drivers have their personal information exposed.
The failure to disclose the breach is not being accepted by some regulators and lawmakers. A number of lawsuits have been launched against the popular company with allegations of consumer fraud and deceptive business practices.
Uber recently admitted to a historic data breach that compromised personal data belonging to some of its 57 million users and drivers worldwide. With six million of those users in the U.K., a significant number of people in Britain are expected to be potentially at risk of further criminal activity like fraud and digital harassment.
To make matters worse, the breach happened a year ago in October 2016, but instead of telling the authorities, Uber decided to ‘handle it’ by finding the hackers and paying them off to keep quiet.
Uber has revealed that the company’s database was hacked in October last year, but instead of alerting authorities and warning users about the breach, they paid hackers around £75,000 to keep quiet about the hack, and for assurances that the information would be deleted.
Former chief security officer, Joe Sullivan, reportedly made the decision to cover up the Uber hack, and it was a decision that cost him his job, his deputy’s job, and risked the security of some 56 million people around the world.