Wednesday, November 22, 2017  
 
 
 
Printable Page Headline News   Return to Menu - Page 1 2 3 5 6 7 8 13
 
 
Uber Hack Affects 57M Riders, Drivers  11/22 06:11

   Uber is coming clean about its cover-up of a year-old hacking attack that 
stole personal information about more than 57 million of the beleaguered 
ride-hailing service's customers and drivers.

   SAN FRANCISCO (AP) -- Uber is coming clean about its cover-up of a year-old 
hacking attack that stole personal information about more than 57 million of 
the beleaguered ride-hailing service's customers and drivers.

   So far, there's no evidence that the data taken has been misused, according 
to a Tuesday blog post by Uber's recently hired CEO, Dara Khosrowshahi. Part of 
the reason nothing malicious has happened is because Uber acknowledges paying 
the hackers $100,000 to destroy the stolen information.

   The revelation marks the latest stain on Uber's reputation.

   The San Francisco company ousted Travis Kalanick as CEO in June after an 
internal investigation concluded he had built a culture that allowed female 
workers to be sexually harassed and encouraged employees to push legal limits.

   It's also the latest major breach involving a prominent company that didn't 
notify the people that could be potentially harmed for months or even years 
after the break-in occurred.

   Yahoo didn't make its first disclosure about hacks that hit 3 billion user 
accounts during 2013 and 2014 until September 2016. Credit reporting service 
Equifax waited several months before revealing this past September that hackers 
had carted off the Social Security numbers of 145 million Americans.

   Khosrowshahi criticized Uber's handling of its data theft in his blog post.

   "While I can't erase the past, I can commit on behalf of every Uber employee 
that we will learn from our mistakes," Khosrowshahi wrote. "We are changing the 
way we do business, putting integrity at the core of every decision we make and 
working hard to earn the trust of our customers."

   That pledge shouldn't excuse Uber's previous regime for its egregious 
behavior, said Sam Curry, chief security officer for the computer security firm 
Cybereason.

   "The truly scary thing here is that Uber paid a bribe, essentially a ransom 
to make this breach go away, and they acted as if they were above the law," 
Curry said. "Those people responsible for the integrity and confidentiality of 
the data in-fact covered it up."

   The heist took the names, email addresses and mobile phone numbers of 57 
million riders around the world. The thieves also nabbed the driver's license 
numbers of 600,000 Uber drivers in the U.S.

   Uber waited until Tuesday to begin notifying the drivers with compromised 
driver's licenses, which can be particularly useful for perpetrating identify 
theft. For that reason, Uber will now pay for free credit-report monitoring and 
identity theft protection services for the affected drivers.

   Kalanick, who still sits on Uber's board of directors, declined to comment 
on the data breach that took place in October 2016. Uber says the response to 
the hack was handled by its chief security officer, Joe Sullivan, a former 
federal prosecutor whom Kalanick lured away from Facebook in 2015.

   As part of his effort to set things right, Khosrowshahi extracted Sullivan's 
resignation from Uber and also jettisoned Craig Clark, a lawyer who reported to 
Sullivan.

   Clark didn't immediately respond to a request for comment sent through his 
LinkedIn profile. Efforts to reach Sullivan were unsuccessful.

   Uber's silence about its breach came while it was negotiating with the 
Federal Trade Commission about its handling of its riders' information.

   Earlier in 2016, the company reached a settlement with the New York attorney 
general requiring it to take steps to be more vigilant about protecting the 
information that its app stores about its riders. As part of that settlement, 
Uber also paid a $20,000 fine for waiting to notify five months about another 
data breach that it discovered in September 2014.


(KA)

 
 
Copyright DTN. All rights reserved. Disclaimer.
Powered By DTN