Uber Cyber Hack
Uber is the latest company to be revealed as suffering a massive cyber hack, with the personal information of 57 million customers and drivers being breached in October 2016.
Uber has acknowledged over a year later that it failed to notify both individuals and regulators – and in fact paid the hackers $100,000 to delete the data and keep quiet about the breach.
Names, email addresses and phone numbers of 50 million Uber users and 7 million drivers were taken in the attack that Uber tried to keep quiet.
It’s worth noting that Uber would have been fined either 4% of its global annual turnover or 20 million euros had this occurred with the General Data Protection Regulation (GDPR) in force. On this occasion the company took over a year to notify regulators of the hack; it will have 72 hours if it happens again following the introduction of GDPR in May 2018.
Uber was previously fined $20,000 for failing to disclose a data breach that occurred in 2014 but will not be able to act in this way again. While the company has gained a reputation for not necessarily playing by the rules since it was founded in 2009, if it responds in the same way to another hack it will suffer the same punishment as any other company.
It’s also worth noting that while paying off the hackers may have worked in the short term for Uber, it may simply encourage hackers to try again and see how much more money they can make out of Uber, or another organisation, the next time.
Uber CEO Dara Khosrowshahi stated: “None of this should have happened, and I will not make excuses for it.”
How Cyber Essentials can help
The first step towards keeping your organisation safe from cyber attack is to be certified with Cyber Essentials. Certification to the Government’s Cyber Essentials Scheme is a mandatory requirement for organisations wishing to win business with the MOD, and can help your organisation prepare and defend itself against malicious cyber attacks, regardless of the sector you operate in.