Professional Documents
Culture Documents
Case Studyuberannouncesnewdatabreach
Case Studyuberannouncesnewdatabreach
INTRODUCTION
Uber is a ride-hailing firm that developed an Uber Mobile App, which can be downloaded
from Apple's App Store or Google's Play Store, that allows users of the platform to request a trip and
automatically sends your location to an Uber driver nearby. The Uber app is not just famous for
providing rides. However, it also offers delivery services, allowing users to ship and receive packages,
or a user can also request delivery food from their favorite restaurant via Uber. The app collects
information to create an account for new users, such as email addresses and phone numbers for rides
to use the app. The information you provided will help to locate the whereabouts, identify, and
contact the customer while becoming an uber driver, the person must provide a copy of their driver's
license and other required documents. In 2015, Uber is increasing popularity in the United States,
with 327,000 active drivers on the road, more than double the number of 160,000 giving trips in
December 2014 (Carson, 2015). According to Bloomberg News, Uber Technologies Incorporated
disclosed that hackers obtained the personal information of around 57 million riders and drivers. The
news outlet also reported that the company executives initially paid the hackers $100,000 to erase
the data and keep the data breach quiet for more than a year, which was discovered in 2016 (Norton,
2021).
According to Mr. Dara Khosrowshahi, Uber's Chief Executive Officer, stated in a news release
on Uber's website that there were two individuals who did not work for the company gained access to
the data on a third-party cloud-based service that Uber operates. The stolen data included the names
and driver's license numbers of approximately 600,000 drivers in the United States. Aside from
driver's license numbers, the names, e-mail addresses, and mobile phone numbers of all 57 million
Uber riders and drivers were infiltrated. The firm stated that according to the forensics expert that the
numbers of the Uber users bank account, social security, credit cards as well as its trip location history
and dates of birth were not downloaded by the hackers. The Uber declared for Uber riders, upon
inspecting there is no evidence of fraud or misuse tied to the incident and there is no need to take
action, the firm also added that they are handling the affected accounts and flagged them for
additional fraud protection.
What possible impacts or problems may arise in conjunction with the data breach?
With stolen data from Uber riders and drivers, identity theft may occur, which can be used in a
phishing attack to mislead customers into providing personal information such as account credentials
or credit card information. Since the Uber app has users' data of their location and identity, if cyber
criminals obtained the trip histories and other sensitive information of the user, it would threaten the
individual's safety; they could be targeted for house break-ins or attacks at any time of the day. A data
breach in Uber may jeopardize the firm's financial data, financial bottom line, reputation, and
information records; the company may also face long-term effects, such as loss of consumers' trust, if
not addressed promptly.
SOLUTIONS
How can Uber Technologies, Inc. and other similar businesses prevent such from happening again?
What measures can you recommend?
When developing data privacy and security rules for a company, it is necessary to teach and educate
staff for the security policies to be implemented appropriately.
These are the security policies that employees need to be knowledgeable of:
Establish a data policy outlining how personnel should manage, delete, retrieve, and transmit data.
Creating unique passwords on computers and other devices that are used for work.
Develop a documented system for departing employees and third-party users/contractors
(passwords, key cards, laptop access, etc.)
Train the staff to report immediately suspicious data security leakage or data security breaches
When most employees have access to crucial data, a corporation is endangered. Suppose
thousands of employees can log into a system that holds personal information about the company, its
employees, partners, etc. In that case, there is a greater risk of a data breach in the organization,
which could be a weak link in the chain. The risk of data breaching can be reduced if the organization
limits worker access and assigns only authorized personnel to view critical information.
A company can build firewalls, Virtual Private Networks (VPN), traffic monitoring and
restriction, and security update is a big step to make a difference in the company’s data security. The
data security management should also check and evaluate third parties carefully to lessen the chance
of threat to the company.
4. Create a Cyber Breach Recovery Plan
A preparedness strategy recovery plan will allow the employers and employees to take an action
immediately for potential consequences of data breach to reduce the lost productivity and
unfavorable publicity. The employers should not hide the truth to employees when a data breach
occur to take an action immediately.