November 22, 2017 - Uber is a company with some major problems. The company has been hemorrhaging cash and recently lost its top executive - Travis Kalanick - after a video emerged of him berating an Uber driver. Now comes word that a year ago the company had a data breach that released the personally identifiable information of 57 million of the company's customers and of 600,000 of the company's American drivers. To make matters even worse, once the company realized it had a problem they violated numerous data breach laws by covering up the breach and bribing the hackers behind it to keep the breach quiet.
According to a statement by Uber's new CEO, the passenger data released includes names, email addresses and phone numbers for customers all over the world. The driver data released includes names and license numbers, and it was limited to drivers in the United States.
While the breach would have been bad for the company had they followed appropriate law and notified victims and government agencies in a timely manner, the fact that Uber decided to cover up the breach will likely prove to be much worse. In the past 24 hours, four state attorneys general and the Federal Trade Commission have announced investigations into the breach. If not for this being the Thanksgiving holiday week, that number would likely be much higher by now. It's fairly safe to say that within the next week, most of the states in which Uber operates will announce their own investigations.
The company is also in trouble internationally because of its actions in the wake of the data breach. Authorities in the UK, Australia and the Philippines have already announced that they will be conducting investigations of their own.
As a part of its announcement on the data breach, Uber's CEO also announces the firing of "two individuals." Those two individuals were the company's chief security officer - Joe Sullivan - and one of his underlings. Both of the terminated employees are attorneys themselves. Sullivan is a former US Prosecutor.
Why these two people are taking the fall for this breach isn't currently known. Sullivan had only been with the company since 2015, when he was recruited away from Facebook by former CEO Travis Kalanick. It's hard to believe that a data breach of this size, and a decision to pay off the people behind the breach, wasn't known of by the CEO. While Kalanick no longer has that job with the company, he is still a member of the board of directors.
Uber paid the hackers $100,000 to destroy the data they stole and to remain quiet about it. The company's announcement of the breach says that Uber obtained assurances that the stolen data was destroyed but they don't say what those assurances consisted of.
byJim Malmberg
Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.
Follow me on Twitter:
|