In a world where over 2.5 quintillion bytes of data are consumed daily through emails, videos, images, tweets, and content, infringement in some form or the other is inevitable. When a security breach does occur, the onus lies with the infiltrated company/platform to alert customers and government agencies. This is where Uber has failed sorely.
According to reports that have surfaced this week, the global ride-sharing giant underwent a massive breach in October 2016, wherein data of more than 57 Mn drivers and customers were accessed illegally. Instead of reporting the infringement to authorities, Uber chose to keep the hack under wraps for over a year, going so far as to pay $100K to the attackers for their silence.
Reports of the cyberattack finally surfaced when the cab aggregator ousted its Chief Security Officer and a few other people involved in the cover-up, earlier this week.
In response to the controversy, the company’s newly-crowned CEO Dara Khosrowshahi stated, “None of this should have happened, and I will not make excuses for it. We are changing the way we do business. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”
Interestingly, this isn’t the first time that private details of Uber drivers and customers have been accessed. In 2015, the cab aggregator accidentally leaked personal information of hundreds of its drivers through a newly-launched app called “Uber Partner”. Details like social security numbers, scans of driver licenses and tax forms were made public.
What Exactly Happened Last October?
As part of the violation that took place in October last year, the attackers gained access to names, email address and phone numbers of more than 50 Mn Uber riders from across the world. Additionally, the personal data of up to 7 Mn drivers, including 600K in the US alone, were hacked, sources revealed.