At this point it’s not surprising that Uber, the illustrious and often maligned ride-sharing service, suffered a massive data breach last year. Massive as in 57 million of its users had personal information stolen by a group of hackers.
While it’s not yet known if the stolen information has been used maliciously, this fact is connected to the alluring twist in another case of data breaches that seem to be plaguing 2017: Uber paid the hacker group $100,000 to supposedly destroy the sensitive information and then waited a year to inform the public about such action.
Emails, phone numbers and 600,000 license plate numbers of various Uber drivers were taken in this breach. And while, as far as we know, no information from this breach has been used elsewhere for illegal purposes, we don’t actually know that, do we? The tendrils of the internet in regards to scams, frauds, and stolen data are so vast and far-reaching that it’s almost impossible to trace whether or not an individual phishing scam that resulted in credit card fraud originated with the Uber breach. And while the license plates are seemingly innocuous, the possibilities of identity theft are quite real with just a few numbers and letters.
This is why Uber’s fundamental misunderstanding about the internet, digital databases and destroying information is so concerning. I’d be hard pressed to find a situation, in the context of this breach, where the sensitive information of 57 million people was actually destroyed, unable to be attained by nefarious groups ever again. Because that’s not the case, right? Somewhere in the back of our brains, signals are going off in connection to the likelihood of this situation floating to the top of fraud radars months from now. I’m just surprised someone hasn’t leaked this story earlier.
This isn’t the latest stain on Uber’s reputation, having fired CEO Travis Kalanick in June after an internal investigation concluded he had built a culture that allowed female workers to be sexually harassed and encouraged employees to push legal limits. Nor is this the first time that Uber has faced a data breach, paying a $20,000 fine to the New York attorney general for waiting five months to give notice of another breach that it discovered in September 2014.
The other issue that arises from this data breach shares a common thread with the others that have happened this year and is systemic in nature. We’ve barely begun to accept the implications of the Equifax breach before Uber decided to let us all know about what happened in 2016. In a news culture that moves faster with the dawn of each day, those affected by the Uber breach will surely be left holding the proverbial bag while an apathetic consumer culture moves on to the latest and greatest scandal. The ramifications of these breaches extend far beyond our attention spans, leaving us to remember just exactly where that phishing scam could have come from six months from now.
The other question that’s raised, and seems to be asked every time Uber hits the news for different negative PR, is when do we have the necessary conversation about serious reprimands? Sure, a $20,000 fine is a good step in keeping Uber vigilant, but it’s also a tiny monetary slap on the wrist for a company reportedly worth $51 billion. Obviously we should take that number with a huge grain of salt, being that the financials for Uber are purely speculative at this point. But we shouldn’t let the convenience of such an app, one that has a history of treating its “employees” so terribly, sidestep shady business policy that seems to crop up in the news every few months or so. I do think it’s just a matter of time before Uber receives some major comeuppance outside of a $20,000 fine. We’ve started to see this with cities like London banning the company from operating within city limits.
When we have more information about this situation we’ll be sure to update our story.