Hackers are targeting sensitive data, but what happens when a big company experiences a data breach and doesn’t disclose it? Just this week, the world discovered that Uber hid a 2016 data breach by paying off the hackers and having them sign a non-disclosure agreement (NDA). This isn’t the first time Uber has experienced a data breach, but this instance impacted 57 million driver and rider accounts. There have been questions as to whether it is legal or ethical to hide this data from drivers and riders. Although Uber paid the hackers to delete the data, there is a question of whether Uber is doing everything it can to protect its customers and employees from future attacks.
How did Uber hide this for so long?
Between paying off the hackers, the NDA, and classifying the payout as a “bug bounty,” Uber concealed this data breach for over a year. A “bug bounty” is when a tech company solicits hackers to attempt to breach their data in order to enhance security. However, this was not initiated as a bug bounty; this was a legitimate attack on Uber’s data.
Who was responsible for hiding this activity?
New CEO Dara Khosrowshahi is blaming former Uber CEO Travis Kalanick for a lot of the problems that are coming to light thanks to an internal investigation. The questionable company actions during Kalanick’s tenure continue to surface, and there are allegations that Uber used its technology to track and evade law enforcement officers.
How will this impact future data breaches?
Neither the public nor the media is happy with the lack of transparency from Uber. Millions of people use Uber every day, and they want to know that the personal information they share with the company is safe. In states like California, companies are required to disclose data breaches. As issues like Equifax, Uber and other security threats become more prominent, the need to secure information and regulate disclosure is quickly becoming apparent. Integrity cannot be expected; it must be mandated for the protection of customers and employees.
What can companies do to avoid an Uber-like breach?
While it’s likely that Uber was targeted by hackers because they knew the company had money for ransom, any company with digital data can be a target for hackers. Creating a thoughtful and proactive security program is key.