Ubers data breach silence puts alarm on modern CEOs haste and frugal digital strategies least caring of their customers’ data
Uber faced ruckus after getting exposed to data breach which the company concealed affecting 57 million customers and drivers in 2016. The International transportation service provider tried to laud itself after announcing lately that it fired its chief security officer and another employee who revealed it paid the hackers behind a security breach last year that exposed the personal information of millions of people to keep quiet about the incident.
From its advent, Uber has faced many scandals to what it has added newly. Until Tuesday, Joe Sullivan directed a security team at Uber that covered up an October 2016 incident in which two people figured out how to get into Uber’s Amazon Web Services account through credentials pilfered from a Github site used by its engineers, accessing the personal information of 57 million customers and 7 million of its drivers, according to Bloomberg.
New Uber CEO DaraKhosrowshahi said that drivers’ license numbers were accessed in the breach, which Uber concluded after a recent investigation into the incident was legally required to report to federal authorities.
The stolen information included names, email addresses and mobile phone numbers of Uber users around the world, and the names and license numbers of 600,000 U.S. drivers, Khosrowshahi said. Uber declined to say what other countries may be affected.
“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Khosrowshahi said in a statement. “We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
In India, Uber regulations are also displeasingly questioned,Uber driver faced several rape cases. It caused widespread outrage against Uber in India and led to its services being temporarily banned in Delhi.
While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.
The snowballing ride-sharing company has raised a whooping amount of money valuing the company around $70 billion as it attempts to bring its service to every part of the world.
Uber does not believe that any credit card numbers or location history data was accessed in the incident, which it stressed did not involve any breach of its own systems. It’s not clear how the attackers managed to get into the Github accounts of Uber employees, and it’s not clear if the data was ever used or sold to another party, although Uber seems confident that its $100,000 actually resulted in the deletion of the data.
Uber faced harsh criticism for failing to perform effective background checks when it was revealed that the driver was facing charges in four other criminal cases at the time of the attack.
Let’s go to the past ride which blatantly evaluate on how Cyber-attacks are getting even vulnerable. Major attacks which feared the digitization around include: the biggest cyber-attack in history, a 2013 hack affected all three billion accounts at Yahoo.
A breach by major American credit agency Equifax in September is seen as potentially more damaging than that of Yahoo because of the sensitivity of the data leaked.
In August 2014 online data protection firm Hold Security claimed that Russian hackers had accessed 1.2 billion passwords linked to 420,000 internet sites around the world, from corporate giants to individual accounts.
US retail giant Target was hit by a computer attack in December 2013 that affected 110 million clients.
In September 2015 computer security experts discovered a virus dubbed Key Raider that targeted Apple iPhones and iPads, and which had already affected 225,000 Apple accounts.
In a quote shared with BIS infotech, Jason Hart, VP and CTO for data protection, Gemalto, said, “Three things should have been done better here: faster disclosure, better use of encryption for the entire data lifecycle and the use of access management, including strong authentication. Delay in disclosing erodes trust, and it belies the fact that breaches like this, that access your data via cloud services, are inevitable. The goal should not be to hide these breaches or even prevent them—it should be to make them secure breaches by taking a more intelligent, data-centric approach to security. This means knowing exactly where your valuable data resides, who has access to it, how it is transferred, and when and where it is encrypted and decrypted. Of the 1.9 billion data records compromised worldwide in the first half of 2017, less than 1 percent were encrypted. Moreover Identity theft, which appears to have motivated this attack, continues to emerge as the leading type of breach, accounting for 74 percent of all data breaches in the first half of 2017, up 49 percent from the previous period. All that had to be done here is secure access to the data and encrypt it, and it’s what other organizations need to do in the future to avoid this.”