Uber Data Breach


Uber Company faces lawsuit for the data breach

Data breach is one of the potential threats any company faces. A secured working environment with all adequate measures to protect virtual data needs to be undertaken so that a customer can rely on and trust you before he opts to share his details with your company. Recently, Uber hit the headlines for failing to keep the data of their customers and drivers secure, and reporting the breach on time, which eventually affected their business. An estimated figure of around 57 million drivers and customers were under the grasps of the data breach.

An estimated figure of around 57 million drivers and customers were under the grasps of data breach

As per state laws, the news of a potential breach needs to be notified to the cyber cell within 45 days of the violation. Also, the attorney general of the state needs to be informed as well, if the breach tends to affect more than 500 residents of the country. Uber failed to do both, and around ten lawsuits were filed against them. It took almost a year for Uber to figure out that their confidential data was breached and they first reported it on November 1, 2017. Names, contact numbers, payment information and even the license numbers of drivers were under threat followed by this breach. Some reports made circles all the while that Uber believed that they would be able to handle the issue at their end and even tried to pay a ransom of around $100,000 to the hackers so that they delete all data from their end. Figuring out that their attempt was futile, Uber finally decided to approach to the governance body for help, and this is when it came to the limelight that there was a data breach in a massive level at Uber’s end.

Uber Company had maintained its negligent behaviour till it was on the edge of the sword

There is no wonder that the casual attitude Uber maintained all this while is enraging. It was their prime responsibility to let the consumers know about the breach. Effective measures could have been adopted to minimize the adversities of the violation, only if people were aware of the same. However, Uber maintained their negligent behaviour till they were on the edge of the sword and had no alternatives left than to approach the law.

Security measure of two-factor authentication was never implemented although Uber made a promise to do that


Once the case was with the cyber cell, a thorough investigation was performed to find out the potential causes of the breach. The investigators figured out that the hackers had targeted a private Github where all personal information was stored. Although the Github was password protected, they were still able to breach it. Reason? The password used was weak and straightforward, and the user credentials from the previous breach in 2014 were already present in the repository. All it took was for them to figure out which repository it was and within some time, poof! Data gone. Additional security measures of two-factor authentication were never implemented for the users although Uber made a promise about the same.

Uber spokeswoman has assured that they would change their way of business and tried to regain the trust of customers

In the light of the recent events, Uber spokeswoman has assured that they would change their way of business and try all they can to regain the trust of the consumers. Only time would say if Uber implemented the change it boasted?


Comments are closed.