Uber pulls yet another boner by failing to disclose hack
The concept of taking a cab is hardly new. Any person in a major city can hold out their arm and hail a ride. In smaller communities, you simply call a cab company and schedule a car. You can pay cash for the trip and even be anonymous -- the driver doesn't have to know who you are. No private information to get stolen. Easy peasy.
But OK, many consumers got "app fever" over the last decade, and as a result Uber was born. If you aren't familiar, it is a ride-sharing service where you summon a car using your smartphone. Instead of professional drivers, however, you are transported by amateurs. Even worse, you can only pay digitally -- no privacy. The company has a horrible overall track record too -- negative workplace culture, sexual harassment, and a lack of respect for user privacy. Today, you can add another scandal to the list, as Uber pulls yet another boner. You see, last year -- in 2016 -- the company experienced a data breach and failed to disclose it -- until today, that is. Sigh. Maybe we should all go back to taking yellow cabs...
Sadly, it is not just user data such as names, phone numbers and email addresses, but for Uber drivers, it was driver's license numbers too. Nefarious people can have a field day with this information, and it is an absolute shame that these victims were not notified at the time. We aren't talking about a small group either -- there are 57 million customers and 600,000 drivers that were victimized.
"At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals. We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts," says , Uber.
Did you catch that? Uber took the word of hackers that the data was destroyed! Think about that, folks. Bad people stole both user and driver data from Uber, and the company just accepted the assurances from the evildoers. Even if the people that stole the data really did delete it, Uber had no way of knowing that for sure. I'm sorry to be so blunt, but that is just stupidity. To add insult to injury, according to Bloomberg, the company paid the hackers $100,000 too. Sigh.
ALSO READ: Charmin Van-GO is an on-demand mobile toilet service -- the Uber of poop and pee
further says, "None of this should have happened, and I will not make excuses for it. While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers."
How will Uber work to make sure this doesn't happen again? The CEO shares the following.
- I’ve asked Matt Olsen, a co-founder of a cybersecurity consulting firm and former general counsel of the National Security Agency and director of the National Counterterrorism Center, to help me think through how best to guide and structure our security teams and processes going forward. Effective today, two of the individuals who led the response to this incident are no longer with the company.
- We are individually notifying the drivers whose driver’s license numbers were downloaded.
- We are providing these drivers with free credit monitoring and identity theft protection.
- We are notifying regulatory authorities.
- While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection.
Now, data breaches do happen, and a company should not necessarily be vilified for it. However, for any sort of forgiveness, the company would need to be open and honest with its customers and employees (or employee-like drivers). Uber failed to do this. Quite frankly, its stupidity of taking a thief's word that the data was destroyed makes me wonder if Uber should ever be trusted by anyone ever again.
Some people will point to the fact that
became CEO of Uber after this hack happened as a way to blame the failure on the former regime. While there may be some truth to that, let's be honest, folks -- Uber is bigger than one man, and such an embarrassment is caused by many. may be innocent in this matter, but the company as a whole is not.Of course, as far as mitigating the impact, Uber is putting the onus on users. The company wants you to monitor your credit card and Uber accounts. And then you have to go through the hassle of reporting it. The company shares instructions below.
We encourage all our users to regularly monitor their credit and accounts, including their Uber account, for any issues. Please let us know via the Help Center if you see anything unexpected or unusual related to your Uber account. You can do this by tapping "Help" in your app, then "Account and Payment Options" > "I have an unknown charge" > "I think my account has been hacked".
Will you be switching to Lyft as a result of this calamity? Tell me in the comments.
Photo credit: kitty / Shutterstock