Uber Data Breach Sparks Investigations, Lawsuits

Uber's Data Breach Discussion With SoftBank

For their roles in the cover-up, Uber chief security officer Joe Sullivan and his deputy have been ousted, while Uber says it's taking "several actions", including consulting the former general counsel of the US' National Security Agency to prevent a future data breach. In his statement regarding the data breach, he said the company needed to be open and honest if is to "repair our past mistakes". Uber said it believes the information was never used but declined to disclose the identities of the attackers.

The stolen information included names, email addresses and mobile phone numbers of Uber users around the world, and the names and license numbers of 600,000 USA drivers, Khosrowshahi said. It's time for the judicial system to hold these companies to a higher standard - and make them pay for these security screw ups. lest we get fooled again.

Uber says that the affected accounts belonging to riders are now monitored and have been additionally updated with extra fraud protection but there's now no official way of finding out if your rider's account has been breached.

Liboro said Uber committed to respond in detail to the commission's queries about the nature of the breach, what data were involved and what measures were applied to address the breach, as soon as confirmed data become available.

Chief executive Dara Khosrowshahi, who took over this summer, wrote on the company's website that Uber had failed to notify individuals or regulators at the time of the breach. But the hack did involve unauthorized access to user data on a third-party cloud service, identified by Bloomberg and other news outlets as Amazon Web Service. "We are verifying the extent and the amount of information".

"We'll be working with the NCSC plus other relevant authorities in the United Kingdom and overseas to determine the scale of the breach, how it has affected people in the United Kingdom and what steps need to be taken by the firm to ensure it fully complies with its data protection obligations".

Commenting on the hack, Khosrowshahi, said: "None of this should have happened and I will not make excuses for it".

US Senator Richard Blumenthal took to Twitter to call for the FTC to investigate Uber, describing the company's behavior as "inexplicable" and asking for the FTC to impose "significant penalties". We are changing the way we do business.

On Twitter today, USA security writer Brian Krebs asked what made Uber's $100,000 payout to the hackers different from the ransoms other companies have paid to unlock system data encrypted by ransomware.

The ride-hailing firm now acknowledges it had a legal obligation to report the hack to authorities and to the affected drivers.

Liboro said they have tapped Uber's network of privacy regulators, particularly the Federal Trade Commission of the U.S., to share information on the incident. "You can ask forgiveness for being hacked, but many people will find it harder to forgive and forget if you deliberately concealed the truth from them".

Related news: