Cyberattack on Uber Exposes 57 Million Users Information
Back in October 2016 there was a cyber attack against Uber that exposed 57 million users personal information. On Tuesday, Uber acknowledged that two individuals had attained and downloaded information on Uber drivers and riders that was stored in a third-party system. According to Uber, names and driver license numbers of about 600,000 drivers have been accessed as part of the cyber attack. The company reported in a blog post that 57 million users were also exposed to their information, including names, emails and phone numbers. Uber said other personal information, such as trip details or credit card information, wasn’t obtained.
Travis Kalanick, then CEO of Uber, first learned about the incident in November 2016, according to Bloomberg, the company’s chief security officer, at the time, and one of his deputies covered up the attack. This included a payment of $100,000 to the two hackers who had accessed the data in exchange for their promise to keep quiet and delete the information. As a result of this, Dara Khosrowshahi, the new CEO of Uber, has reportedly requested the resignation of Uber’s Chief Security Officer, Joe Sullivan, and an attorney who reported to him.
One of the many bad decisions that Khosrowshahi had to inherit since Kalanick was ousted from the company in June is the latest news about the data breach. The company faces several other federal inquiries into its business practices and is preparing for trial next month. “None of this should have happened, and I will not make excuses for it,” Uber’s CEO Khosrowshahi said. “We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
Hackers have successfully infiltrated many companies in the past few years. The Uber breach, while large, is overshadowed by those at Yahoo, MySpace, Target Corp., Anthem Inc. and Equifax Inc. What’s more alarming are the extreme measures Uber took to hide the attack. The company maintains that individual riders don’t need to take any action since Uber has “seen no evidence of fraud or misuse tied to the incident.” It’s not always that simple as any data breach can be significant, since the personal information included in most accounts can be used to engineer everything from identity theft to phishing operations.
Since Uber is apparently unwilling to let individual customers know whether they were affected by the breach at this point, it’s not a bad idea to assume you were. And, as a precaution, and we’re sure you’ve heard this before, it’s time change your passwords—again. Once that’s done, check your accounts for fraudulent activity. Then you could always set up credit monitoring to ensure no one is using your personal information. It’s the lowest level of defense, but it’s better than nothing.