Monday 4 December 2017, Poradnik bezpieczeństwa

A large Uber costumers data breach

Lost24

The cab-hailing app Uber has recently revealed that in October 2016 the unknown group of hackers has gained accessed the accounts of Uber clients.

The whole matter was kept secret by a Uber CEO Dara Khosrowshahi, who had paid 100,000 USD of ransom to the cybercriminals. In his statement, Khosrowshahi said the company had “obtained assurances that the downloaded data had been destroyed” and improved its security, but that the company’s “failure to notify affected individuals or regulators”.

The Uber company has admitted that the hackers have stolen the personal information from over 57 million Uber users around the world, including names and driver's license numbers of around 600,000 drivers in the U.S., rider names, email addresses and mobile phone numbers.

The U.S. authorities have launched an investigation into the hack. Fortunately, the investigators have confirmed that more sensitive information, such as location data, credit card numbers, bank account numbers, social security numbers, and birth dates, had not been compromised.

For its negligent, the Uber company will be strictly monitored by the Federal Trade Commission. The FTC said that: "Uber failed consumers in two key ways: first by misrepresenting the extent to which it monitored its employees' access to personal information about users and drivers, and second by misrepresenting that it took reasonable steps to secure that data."

Meanwhile, the European Union’s Article 29 Working Party (the influential data agency that’s made up of representatives from all 28 EU Member State’s national data protection bodies) said it has added the Uber data breach to its agenda for its next plenary session. A spokeswoman for the group told us: “It is too soon to talk about the possible actions that have to be decided by the group. The enforcement actions are still on the national level until GDPR next May”. GDPR refers to the incoming General Data Protection Regulation, which comes into force across the EU in May 2018.