Uber’s CEO revealed on Nov. 21, 2017, that the ride-hailing service had failed to disclose a massive data breach that occurred the previous year. In Oct. 2016, hackers accessed a server containing personal information for more than 57 million Uber drivers and riders. They demanded a $100,000 ransom to delete their copy of the data, which Uber paid.
The attackers allegedly first accessed a private GitHub repository used by Uber’s developers. The repository contained code with login credentials for other Uber systems, which ultimately provided access to the stolen data.
Uber later identified the hackers and pushed them to sign nondisclosure agreements. It also disguised the ransom payment as part of a bug bounty program, according to the New York Times.
The Biggest Mistake Was the Cover-up
The Uber data breach may prove to be a case where the cover-up is worse than the crime. The breach undoubtedly harmed the company’s brand, but the damage caused by hiding the attack has only begun. Lawsuits are now raining down on Uber from attorneys general across the U.S.
How Your Business Can Avoid Lawsuits and Customer Distrust from a Security Breach
Even though the security breaches at large corporations make the headlines, it’s the smaller companies that are the most vulnerable. Small businesses are generally easier to hack because they don’t put real security measures in place. Here’s what we recommend:
- Know the laws. There are federal, state and local laws on how to handle a data breach and notify customers, and some are industry specific.
- Err on the side of transparency. Thousands of companies have experienced a data security breach. It’s how you respond to it that matters to your customers. Most will forgive you, especially if you care enough about their information to keep them informed.
- Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.