The ultra-reliable, transparent and not-at-all dishonest tech firm Uber has revealed it was a victim of an enormous data breach – back in 2016!
Finally coming clean, the often-in-some-sort-of-trouble company has revealed that the data of an eye-watering 57 million customers was accessed during the hack.
Rather than reporting the incident to, say, the authorities or the customers affected, the call-a-cab firm paid the criminals who hacked them £75,000 to delete the stolen data – which they obviously did and certainly didn’t create any copies of, because you can trust online criminals, can’t you?
Of the 57 million email addresses, names and phone numbers hacked, 600,000 were those of Uber’s drivers – who the firm have attempted to soothe by giving them free credit monitoring protection. That’s nice. However, customers who were hacked – the mass majority of the victims – will not be offered the same curtesy.
In a truly stunning statement, Uber’s chief executive, Dara Khosrowshahi, said: ‘While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection.’
Notice the bit where he specifically acknowledges that the hack should have been reported immediately, and that by failing to do so Uber utterly failed its customers, its drivers and the law? Oops, it’s not there. Perhaps it’s in this bit: ‘None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.’
Oh well, not in that bit either. Perhaps it will be covered in a statement that comes out next year.
Under the forthcoming General Data Protection Regulation (GDPR), organisations that fail to reveal data breaches to the Information Commissioner’s Office (ICO) sharpish could be hit with gigantic fines. About time.
What this latest breach blunder reveals is yet more contempt for customers – you know, the people who make Uber its money. If I were an Uber customer, which I’m not, I’d be sickened that the firm had known my details were accessed by criminals a year ago and failed to inform me.
Like Equifax and many more before it, the company would rather cover up hacks to protect its business model (i.e. its money) than be honest, fess up and let the authorities do their job and customers decide what to do next.
If Uber is hacked again today, have we any reason to believe that it’d tell anyone? Nope. Maybe start taking the bus for a bit.
While we’re on the subject, you may want to have a read of our recent guide to the GDPR, which tells you all sorts of facts about the forthcoming legislation (it truly is essential reading for Uber employees). Click here to read now.