Reading:
Uber data breach was a lesson in how NOT to handle a cyberattack
Share:
uber taxi settlement

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Uber data breach was a lesson in how NOT to handle a cyberattack

The Uber data breach was a clear lesson in how NOT to handle a cyberattack. When the hackers contacted Uber by email, back in November 2016, they demanded a six-figure sum in order to destroy the wealth of data they’d stolen so news of the breach would quietly fade away once the bribe had been paid.

As opposed to dealing with the data breach in the appropriate way, Uber decided to pay-off the hackers and cover the breach up. A payment of $100,000 was reportedly made to the two hackers, and employees responsible for the security issue passed the whole thing off as a “bug bounty” program, which is where hackers are offered money to try and find weaknesses.

In reality, they were simply hacked, and Uber have not only paid the heavy price of the bribe, but also the cost of a handling the crisis thereafter.

Understandably, Uber has been slammed for its handling of the breach. They failed to appropriately disclose that the details of some 57 million customers had been compromised, and the breach also reportedly included license information for over half a million of their drivers.

Rather than doing the honourable thing and disclosing the breach, which is vital to ensure victims can prepare for the potential of being scammed, they instead hid the breach in efforts to cover it up.

As a result of their deception, it has cost at least one employee their job and has likely harmed Uber’s reputation. On top of that, government and intelligence agency probes have ensured Uber explains themselves and apologise for the way they handled the breach, which has turned into a serious crisis for the company.

Their efforts to pass the breach off as a bug bounty has been labelled as “morally wrong and legally reprehensible”.

We also understand that it wasn’t difficult for the hackers to break into Uber’s systems. They reportedly found legitimate access credentials on a storage area Uber engineers used on GitHub. The hackers then used the credentials to break into an Amazon cloud database they were using.

Organisations must never run from a data breach

Organisations must never run or shy away from a data breach. Although the first priority should be to ensure that servers and systems are safe and secure. If an organisation ever does fall foul of a breach, then victims should be informed as soon as possible in order to minimise any potential for scams and frauds to be committed using data stolen from a hack.

The Uber data breach and the way they mishandled the whole situation is the perfect example of how NOT to deal with a breach and how NOT to handle a cyberattack effectively.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon