Uber Hacked – Paid Hackers $100 000 To Stay Quiet

Uber Data Breach

It has been reported that Uber was subject to a huge cyberattack that resulted in 57 million customer and drivers personal records being leaked. 50 million customer records which included  names, email addresses and phone numbers were taken. A further 7 million records of Uber drivers were stolen, some of which included drivers licence numbers.

Bloomberg initially reported that Uber were aware of the breach back in 2016 where they paid the hackers $100, 000 to delete the stolen data and keep the breach quiet.

This is not the first time Uber has been in the spotlight for data security. Around the time of the breach, Uber was already negotiating with regulators in the US who were investigating separate claims of privacy violations.

How Was Uber Hacked?

The hack took place after two hackers accessed a private coding repository used by Uber software developers. It was from here that Uber were able to obtain login credentials which they then used to login to further Uber systems and access the data. It is then believed that a ransom note was emailed to Uber demanding payment.

Reporting Data Breaches

Uber are subject to a number of state and federal laws which require companies to report breaches to government agencies and customers however they failed to fulfil this duty. We fully expect that Uber will be subject to large fines because of this.

Under the current data protection act, there is currently no legal obligation to report data breaches. GDPR is set to change this and from May 25th 2018, UK businesses will need to report all data breaches within 72 hours of discovery or face fines of up to 20 million euros or 4% of global turnover (whichever is higher).

Data protection is a serious issue and statistics show that Cyber Attacks and data breaches are growing year on year. Keep an eye out for our new GDPR guidance posts which we will be publishing from January next year. In the meantime if you would like any advice about GDPR, Cyber Security or Data Protection, feel free to get in touch by calling us on 0333 335 0370.

Latest News

Load More Posts