X

Uber paid off hackers in massive data breach cover-up

Uber is a company that has been in a PR tailspin for some time now. Between shafting their drivers in payments to the business that the company has siphoned away from traditional cab drivers, the corporation has not had a great public perception. Things weren’t helped by a massive data breach that exposed well over 57 million customers and their private data (such as names, email addresses, driver’s licenses, and phone numbers) to cybercriminals. The breach occurred in 2016, but news reports are now emerging that make this story even worse.

As initially reported by Bloomberg’s technology news division, it appears that Uber engaged in a massive cover-up of the incident (which was more or less in vain). According to the article, upon first discovering that their private GitHub coding site (which is used by Uber engineers) was compromised, and it became apparent how bad the breach was, Uber tracked down the hackers responsible. In an attempt to keep the breach quiet, Uber upper management paid the hackers $100,000 to delete the data that they had obtained. The hope was that customers would be none the wiser and that the hackers would back off (which is a foolish belief to hold).

This directly flies in the face of protocol for cybersecurity breaches. Per local and federal law, companies are required to report data breaches to the public and government authorities when they occur. Uber had already been on thin ice with numerous prior data breaches, so this cover-up only further hurt any legal standing that the company had. In the aftermath of the revelations the current CEO of Uber, Dara Khosrowshahi (who was not CEO when this occurred), had this to say:

None of this should have happened, and I will not make excuses for it... we are changing the way we do business... At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals... We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.

Khosrowshahi has inherited a significant mess as the new CEO of Uber, but only time will tell if this is the last time the company decides to act as though it is above the law.

Photo credit: Flickr / Elliott Brown