Global transportation technology company Uber Technologies has admitted it suffered a breach that saw hackers stealing the personal information of approximately 57 million customers and drivers.
So how did it happen? It was reported that two hackers gained access to a private area of the online resource for developers dubbed “Github”. From that point, the threat actors found the transport giant’s login credentials for Amazon Web Services (AWS) – a cloud computing platform used by myriad companies to store all sorts of data, including apps.
As if that isn’t bad enough, the company is now in hot water, as it failed to disclose the breach for nearly a year. It has also been claimed it paid off hackers to destroy the data. Uber is now facing a multimillion-dollar consumer protection lawsuit.
The breach exposed the names and driver’s license numbers of about 600 000 drivers in the US, and other personal information of all 57 million Uber users and drivers around the world, including names, email addresses and mobile phone numbers. The company insisted its forensics experts saw no evidence that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were compromised, and said it is monitoring the affected accounts and has flagged them for extra fraud protection. It says it had notified affected drivers whose driver’s license numbers were compromised, and is giving them free credit monitoring as well as identity theft protection.
Although Uber believes no action is needed, we still need to be aware of other factors when breaches of this scale take place. When well-known entities attract attention in the news, threat actors could try to use the conversation around these incidents to their advantage.
One way they could do this is through phishing attacks, or emails that appear to come from Uber, in an effort to fool unwitting users into disclosing sensitive data, including account credentials or payment card information. In any event of this nature, it is advisable to go directly to the source, and get updates only from the organisation’s official Web site. Be suspicious of mails claiming to be from Uber, and under no circumstances click on any links or attachments in the mails.
The bottom line is that Uber was not prepared, and didn’t handle the incident well. Even with the latest and most advanced threat protection technologies, no company’s data is safe. There’s no silver bullet when it comes to cyber security. Businesses have to ensure they are covered in the event of a data breach.
Had Uber had cyber insurance in place, it could have saved itself a whole world of pain. Cyber insurance is highly specialised, and designed specifically to help protect organisations, as well as help them recover in the event of a security incident. Cyber events come in all shapes and sizes, and can be catastrophic for businesses.
Similarly, cyber insurance protects individuals. Should any Uber customers have money stolen out of their credit cards, the insurance would cover this.
Cyber insurance offers cover for hardware damage, data loss or corruption, cyber liability and crime, expenses covering recovery and loss of income. Moreover, it covers bringing in specialists to minimise damage to reputation and loss of confidence – something I bet Uber wishes it has now.
- Urgent call to review Fuel Pricing in SA | #Motoring | Diesel and Dust | Tumelo Maketekete | #Podcast | #ebizradio - January 27, 2022
- Follow your consumers and do it BIG! | #LTM | #Marketing | Kevin Britz | Craig Page-Lee | #Podcast | #ebizradio - January 27, 2022
- How to use emotional intelligence to improve your sales? | The Shift Show | #Sales | #GrowGetters | Shelley Walters | Clive Vanderwagen | The Sales Counsel | Ready People | #ebizradio | #Podcast - January 26, 2022
- Just Talk to People | #Entrepreneur | Word of Mouth | Lindi Tshabangu | Laura Ruthven| Female Entrepreneur SA Magazine | #Podcast | #ebizradio - January 24, 2022
- Can technology take the pain out of recruitment? | #OneEyedMan | Mike Stopforth | Francois de Wet | #ebizradio | #Podcast - January 24, 2022
- Why understanding UBOs is critical |#Insight | #ebizradio | Jason Shedden | Contactable - January 24, 2022
- Making news headlines this week | #News | Kuhle Tshabalala | #Podcast | #ebizradio - January 21, 2022
- Motoring News – Chery Tiggo 8 – Suzuki V-Storm DL-650 | #Motoring | Diesel and Dust | Tumelo Maketekete | #Podcast | #ebizradio - January 21, 2022
- The State We’re In 2022 – Six Trend Pillars for this year | #Trends | #Insight | Dion Chang | Flux Trends | #Podcast | #ebizradio - January 20, 2022
- Female Leadership – Success Factors and Barriers to Overcome | #Insight | #ChangeConversations | Mpume Ncube-Daka | Moloko Komane | #Podcast | #ebizradio - January 20, 2022