Uber data breach affects 57 million users

Posted November 23, 2017

Boffetti said New Hampshire law requires companies to notify the state of data breaches and to disclose how many New Hampshire residents may have been affected. While these things may not have been dealbreakers for you, this new information might be. The UK's top data privacy organization slammed Uber on Wednesday. According to Bloomberg, the hackers got into Uber's account on GitHub, a site many engineers and companies use to store code and track projects.

First, I've heard numerous stories at infosec conferences this year about unnamed companies, including healthcare and financial services organizations, that were hit with ransomware and then paid the ransom without disclosing the incident to regulators or the public.

- Yahoo, billions hacked - In what is considered the biggest cyber-attack in history, a 2013 hack affected all three billion accounts at Yahoo.

The hacking in 2016 of data on 57 million Uber riders and drivers, unveiled on Tuesday, is among the biggest ever thefts of online users' personal information.

Affected drivers are being provided with free credit monitoring and identity theft protection.

Uber's CEO Dara Khosrowshahi said in a statement he recently learned of the breach.

"I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it", he said.

In January, Uber agreed to pay $20 million to settle FTC charges it misled drivers about how much they could make using the platform.

"This wasn't simply a data breach", Rubin said.

"The reality is that companies today exist in a state of continuous compromise". This, compounding the seriousness of the breach and the potential repercussions if the PII is abused, suggests that the CEO's mea culpa is only the beginning of what could be a trying time for the company.

"You may be asking why we are just talking about this now, a year later", Khosrowshahi said. "We are changing the way we do business".

We do not believe any individual rider needs to take any action.

Dan Panesar, vice-president for Certes Networks in Europe, said transparency is crucial when it comes to the loss of personal data. Guruswamy said. "It sounds to me like the $100,000 went, not to protect the consumers, but to keep it from getting out in the news". "Instead, the model needs to include a step that limits the damage - containment".

The developments have some of the hallmarks of the Equifax data breach, which the credit reporting firm said in September impacted 145 million Americans earlier this year.

Data protection lawyers at the Leigh Day legal firm said a huge number of claims could be brought against Uber by its customers as a result of the security failing.

And even the SEC has faced security issues of its own.