TH2106

CASE STUDY #1: Uber Announces New Data Breach Affecting 57 Million Riders and Drivers
Ridesharing company Uber Technologies, Inc. has disclosed that hackers have stolen the personal
information of about 57 million customers and drivers, according to a report by Bloomberg News. The news
outlet also reported that Uber discovered the data breach in late 2016 and then waited to disclose the news
almost a year later.
What was stolen?
Chief Executive Officer Dara Khosrowshahi states in a press release on Uber’s website that the stolen
information included the following:
 The names and driver’s license numbers of around 600,000 drivers in the United States were stolen.
It is important to note that the driver’s license numbers affect the drivers working for Uber and not
their ridesharing customers.
 Aside from the driver’s license numbers, other personal information of all 57 million Uber riders and
drivers around the world was compromised: names, e-mail addresses, and mobile phone numbers.
 According to the company’s statement: “Our outside forensics experts have not seen any indication
that trip location history, credit card numbers, bank account numbers, Social Security numbers or
dates of birth were downloaded.”
Uber rider or driver?
For Uber riders, the company says it doesn’t believe affected individuals need to take action. “We have seen
no evidence of fraud or misuse tied to the incident,” its statement to riders said. “We are monitoring the
affected accounts and have flagged them for additional fraud protection.”
Uber has stated that it’s notifying affected drivers whose driver’s license numbers were accessed and are
providing them with free credit monitoring and identity theft protection service. The company is providing
additional information for its drivers on its website.
How did the Uber breach happen?
Uber said two (2) people who didn’t work for the company accessed the data on a third-party cloud-based
service that Uber uses. The company also said that outside forensics experts had not seen evidence that the
hackers accessed other types of information.
Study Questions:
A. What is the write-up all about? What technology-related issue/s is/are apparent?
- This case study demonstrated how Uber is dealing with its largest challenge yet, a data breach.
Most businesses employ technology to run their operations, however in this instance, some of
those systems have been hacked by outside parties. Conflicts at the Uber organization are many
and will result in significant losses for their customers. Ube should make a significant decision to
protect their business, and those responsible should be held accountable.
B. What possible impacts or problems may arise in conjunction with the data breach?
- The potential effect of this issue on the business is that it may be breached by a hacker, or a
cybercriminal, who is the main cause of data breaches, who can release a virus or attack the
business system, which would result in the loss of crucial customer files.
C. How can Uber Technologies, Inc. and other similar businesses prevent such from happening again?
What measures can you recommend?
- If it occurs again to their corporate executives, Uber should be responsible. They must act
quickly to prevent it from happening again. In this grave situation, I urge them to strengthen the
capability and characteristics of their systems to recognize certain files or papers entering their
systems to avert a potentially dangerous scenario and to benefit the company database.

03 Task Performance 1 – ARG (for Modular Learners) *Property of STI

Page 1 of 2
 TH2106

D. Considering this scenario, would you consider technological developments as advantageous? Why or
why not? Justify your responses.

- Despite the possibility of data breaches, I think all organizations may benefit from technology.
Technology is a tremendous aid to a larger firm in upholding and reaching its standards. As we all
know, technology can have both beneficial and negative effects depending on how people use
them.

Reference:
NortonLifeLock employee. (n.d.). Emerging threats. Norton. https://us.norton.com/internetsecurity-emerging-threats-
uber-breach-57-million.html

03 Task Performance 1 – ARG (for Modular Learners) *Property of STI

Page 2 of 2
 TH2106

CASE STUDY #2: Possible Data Breach at Orbitz Affects 880,000 Payment Cards
Travel booking website Orbitz has announced that it discovered a potential data breach that exposed information for
thousands of customers. The incident, discovered by the company on March 1, 2018, may have exposed information
tied to about 880,000 credit cards.
The consumer data in question is from an older booking platform, where information may have been accessed between
October and December 2017. Orbitz partner platform data, such as travel booked via Amex Travel, submitted between
January 1st, 2016 and December 22nd, 2017, may have also been compromised. The Expedia-owned company says that
names, payment card information, dates of birth, e-mail addresses, physical billing addresses, gender, and phone
numbers may have been accessed, but it doesn’t yet have “direct evidence” that any information was taken from the
website.
There have been many mass data breaches over the past year: OnePlus said up to 40,000 customers were affected by a
breach in January 2018 that resulted in the company temporarily shutting down credit card payments for its online
store, a Verizon partner data breach exposed millions of customer records, a Yahoo breach impacted all 3 billion user
accounts, and 143 million people had personal information stolen from Equifax. Even Chipotle experienced a malware
that stole customer credit card information from restaurants in every state the chain operates in.
Orbitz said it worked with a forensic investigation firm, cybersecurity experts, and law enforcement once the breach
was discovered in order to “eliminate and prevent unauthorized access to the platform.” The company says its current
site, Orbitz.com, wasn’t affected. It is notifying customers who may have been impacted and is offering a year of free
credit monitoring.
Study Questions:
A. What is the write-up all about? What technology-related issue/s is/are apparent?
B. What possible impacts or problems may arise in conjunction with the data breach?
C. How can Orbitz and other similar businesses prevent such from happening again? What measures
can you recommend?
D. Considering this scenario, would you consider technological developments as advantageous? Why or
why not? Justify your responses.

Reference:
Dujmovic, A. (March 20, 2018). Possible data breach at Orbitz affects 880,000 payment cards. Cnet.com.
https://www.cnet.com/news/possible-orbitz-data-security-breach-affects-880000-payment-cards/

03 Task Performance 1 – ARG (for Modular Learners) *Property of STI

Page 3 of 2