Uber discloses '16 data breach

Hack in October affected 57 million customers, drivers

SAN FRANCISCO - Uber on Tuesday disclosed that it was the victim of a data breach in October 2016 that affected 57 million of the ride-hailing service's customers and drivers.
So far, there's no evidence that the stolen data has been misused, according to a blog post Tuesday by Uber's recently hired CEO, Dara Khosrowshahi.
Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid the hackers $100,000 to delete the data and keep the breach quiet.
The revelation marks the latest stain on Uber's reputation.
The San Francisco company ousted Travis Kalanick as CEO in June after an internal investigation concluded he had built a culture that allowed female workers to be sexually harassed and encouraged employees to push legal limits.
It's also the latest major breach involving a prominent company that didn't notify the people who could potentially be harmed until months or even years after the break-in occurred.
Hackers have successfully infiltrated numerous companies in recent years.  The Uber breach, while large, is dwarfed by those at Yahoo, Myspace, Target, Anthem and Equifax.
Khosrowshahi criticized Uber's handling of its data theft in his blog post.
"While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes," Khosrowshahi wrote.  "We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers."
The heist took the names, email addresses and mobile phone numbers of 57 million riders and drivers around the world.  The thieves also nabbed the driver's license numbers of 600,000 Uber drivers in the US.
Uber waited until Tuesday to begin notifying the drivers with compromised driver's licenses, which can be particularly useful for perpetrating identity theft.  For that reason, Uber will now pay for credit-reporting monitoring and identity theft protection services for the affected drivers.
Here's how the hack went down:  Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company.  From there, the hackers discovered an archive of rider and driver information.