Uber Disaster: Here We Go Again!

Uber Hack

The revelation that the data of some 57 million Uber customers and drivers has been leaked, with the company then paying the hackers $100,000 to delete the data and keep quiet about it, has come as yet another ‘nail in the coffin’ to the data security strategies employed by business – both large and small.

Not only did Uber’s systems allow such a hack, they failed to disclose the breach.

Well, here we go again! This seems to be some kind of ransom attack and of course, under the forthcoming GDPR regulations (due to take effect in 2018) such a breach would cost the company dear, some 4% of their global turnover. US regulations do require companies to disclose all breaches and Uber are in clear contravention of this.

It demonstrates the weakness of cloud based technology when it comes to adequately securing data in storage. Whilst it seems that this data was not encrypted – an unbelievable situation in today’s climate – non-the-less, even if it had been, it may not have prevented the breach, should the hackers have had access to the right credentials.

Two-factor authentication should have been deployed, where a unique password is required for each transaction.

Also, had Uber been properly monitoring their event management systems they may well have pin-pointed unusual behaviour patterns or log-ons and have been able to prevent the attack. This is not rocket science, it just takes the will to impose robust data security systems. It seems that there wasn’t a will to do this.

Colin Tankard

Colin Tankard is the Managing Director at Digital Pathways and has over 30 years of experience within the IT industry. He has established a number of US data security companies within the European market such as: Axent, Symantec, Whittman Hart, Aventail Europe, Delta Computer Systems and Vormetric. Colin takes a business approach to data security and strives to ensure the technology meets the compliance or regulatory needs but not at the cost of business efficiency. By taking a practical approach the outcome is more cost effective to the client and the data better secured as the company as a whole uses the technology efficiently rather than fight against it.