CASE STUDY: UBER ANNOUNCES NEW DATA BREACH AFFECTING 57 MILLION RIDERS AND DRIVERS

INTRODUCTION

What is the write-up all about?

Uber is a ride-hailing firm that developed an Uber Mobile App, which can be downloaded
from Apple's App Store or Google's Play Store, that allows users of the platform to request a trip and
automatically sends your location to an Uber driver nearby. The Uber app is not just famous for
providing rides. However, it also offers delivery services, allowing users to ship and receive packages,
or a user can also request delivery food from their favorite restaurant via Uber. The app collects
information to create an account for new users, such as email addresses and phone numbers for rides
to use the app. The information you provided will help to locate the whereabouts, identify, and
contact the customer while becoming an uber driver, the person must provide a copy of their driver's
license and other required documents. In 2015, Uber is increasing popularity in the United States,
with 327,000 active drivers on the road, more than double the number of 160,000 giving trips in
December 2014 (Carson, 2015). According to Bloomberg News, Uber Technologies Incorporated
disclosed that hackers obtained the personal information of around 57 million riders and drivers. The
news outlet also reported that the company executives initially paid the hackers $100,000 to erase
the data and keep the data breach quiet for more than a year, which was discovered in 2016 (Norton,
2021).

What technology-related issue/s is/are apparent?

Poor data security (Privacy Issues)

According to Mr. Dara Khosrowshahi, Uber's Chief Executive Officer, stated in a news release
on Uber's website that there were two individuals who did not work for the company gained access to
the data on a third-party cloud-based service that Uber operates. The stolen data included the names
and driver's license numbers of approximately 600,000 drivers in the United States. Aside from
driver's license numbers, the names, e-mail addresses, and mobile phone numbers of all 57 million
Uber riders and drivers were infiltrated. The firm stated that according to the forensics expert that the
numbers of the Uber users bank account, social security, credit cards as well as its trip location history
and dates of birth were not downloaded by the hackers. The Uber declared for Uber riders, upon
inspecting there is no evidence of fraud or misuse tied to the incident and there is no need to take
action, the firm also added that they are handling the affected accounts and flagged them for
additional fraud protection.

STATEMENT OF THE PROBLEM

What possible impacts or problems may arise in conjunction with the data breach?

With stolen data from Uber riders and drivers, identity theft may occur, which can be used in a
phishing attack to mislead customers into providing personal information such as account credentials
or credit card information. Since the Uber app has users' data of their location and identity, if cyber
criminals obtained the trip histories and other sensitive information of the user, it would threaten the
individual's safety; they could be targeted for house break-ins or attacks at any time of the day. A data
breach in Uber may jeopardize the firm's financial data, financial bottom line, reputation, and
information records; the company may also face long-term effects, such as loss of consumers' trust, if
not addressed promptly.

SOLUTIONS

How can Uber Technologies, Inc. and other similar businesses prevent such from happening again?
What measures can you recommend?

1. Train and Educate Employees for Security Awareness

When developing data privacy and security rules for a company, it is necessary to teach and educate
staff for the security policies to be implemented appropriately.

These are the security policies that employees need to be knowledgeable of:

 Establish a data policy outlining how personnel should manage, delete, retrieve, and transmit data.
 Creating unique passwords on computers and other devices that are used for work.
 Develop a documented system for departing employees and third-party users/contractors
(passwords, key cards, laptop access, etc.)
 Train the staff to report immediately suspicious data security leakage or data security breaches

2. Limit access of company’s data.

When most employees have access to crucial data, a corporation is endangered. Suppose
thousands of employees can log into a system that holds personal information about the company, its
employees, partners, etc. In that case, there is a greater risk of a data breach in the organization,
which could be a weak link in the chain. The risk of data breaching can be reduced if the organization
limits worker access and assigns only authorized personnel to view critical information.

3. Monitor and Enhance General Security

A company can build firewalls, Virtual Private Networks (VPN), traffic monitoring and
restriction, and security update is a big step to make a difference in the company’s data security. The
data security management should also check and evaluate third parties carefully to lessen the chance
of threat to the company.
4. Create a Cyber Breach Recovery Plan

A preparedness strategy recovery plan will allow the employers and employees to take an action
immediately for potential consequences of data breach to reduce the lost productivity and
unfavorable publicity. The employers should not hide the truth to employees when a data breach
occur to take an action immediately.

CONSIDERING THIS SCENARIO, WOULD YOU CONSIDER TECHNOLOGICAL DEVELOPMENTS AS

ADVANTAGEOUS? WHY OR WHY NOT? JUSTIFY YOUR RESPONSES
Yes, I believe that the technological development as advantageous. A modern problem requires a
modern solution, with the data breach that happened in the Uber Inc. the use of our information
technology expert can address the issue easily by enhancing the company’s data security by creating
firewall and encryption. The modernization of the technological development is advantageous in a
business since it has a lot of benefits such as:

 Increases Operational Efficiency

One of the most significant benefits of information technology in a business is operational
efficiency, which implies that resources such as inventory, people, equipment, money, and so
on will be optimized, and the value of the resources will be maximized, thus improving the
company's workflow.

 Monitor security threats

You can utilize information technology to identify and assess potential security threats that
may harm the organization. It can also encompass external dangers such as data leaking,
cybercrime, and cyberterrorism. A company can monitor security requirements such as data
integrity, security tracking, system activity recording, and so on. These security measures, if
implemented, will help the company in protecting their privacy.

 Productivity and Automation

The adaption of technology solutions will overall productivity of the company with the
availability of high-speed internet and automation software enable the users for better
handling the tasks. It can also enhance the digital presence and engagement of your
customers with the use of the automation tools. With the availability of high-speed internet
and automation software, the use of technology solutions will increase the company's total
productivity. It can also improve your clients' digital presence and engagement by utilizing
automated solutions.