Perhaps more than most other services we use, ride sharing is one that requires us to expose a significant deal of private data. It’s all in the name of convenience, of course, that we share our location from a long period of time, expose our home locations and the locations of our frequent destinations, and make frequent use of our credit card(s).
What happens, then, when that well of user data is hacked? Well, that’s exactly what happened to Uber in October 2016 when a the company’s servers came under a large-scale cyberattack that stole confidential information of 57 million customers and drivers, including names, email addresses, and phone numbers.
Only, we didn’t hear a peep about that at the time, and only now, more than a year later, are we hearing the full story. A damning Bloomberg report details how the ride-hailing firm’s executives, primarily Joe Sullivan, its Chief Security Officer, and his team did not disclose the breach but took measures to cover it up, including a US$100,000 ransom payment to the attackers.
Sullivan and at least one of his subordinates were fired this week after, supposedly, news of these actions reached newly appointed CEO Dara Khosrowshahi. According to a statement released by Uber, no driver’s license, social security, journey statistics, or credit card information were taken.
“None of this should have happened, and I will not make excuses for it,” said Khosrowshahi in an email. “We are changing the way we do business.”
In response to these new matters now in light, the New York Attorney General has launched an investigation into the hack and what took place between Uber and these hackers, their identities not having been disclosed at the time of writing.
Uber, that ride sharing company we all know by now, hasn’t had the best of histories with data security and privacy practices. Most recently, the app was almost booted off the Apple App Store after it was discovered that it collects user data even after the app was deleted from the iPhone.
In case it wasn’t already plainly obvious, the company has had quite a rough year, though to be fair the bulk of their misfortunes were self inflicted and set in motion in days far prior to this comeuppance: harassment scandals, executive departures, a CEO ousted, international fines, city-wide bans. Harsh.
While other major technology companies have been the target of large-scale cyberattacks, such as in the Equifax breach, this is a rare instance of it taking place followed by a cover up operation instead of an immediate public disclosure and visible bolstering of security measures.
