After a number of headline-grabbing data security breaches, the cab firm Uber is publicly learning the price of not taking cybersecurity seriously. It has recently come to light that in 2016, it suffered a catastrophic security breach that resulted in the theft of the personal details of millions of customers and drivers all over the world.
It appears the data breach was caused by carelessness. Someone wrote the password they used to administer the system on a third-party server’s website. A hacker stumbled across the password and used it, blackmailing the company to the tune of $100,000 in return for deleting the data.
Uber then made things so much worse by making two major mistakes:
By its actions, the company has made a huge rod for its own back. It is currently appealing against Transport for London’s decision not to renew its licence to operate in the capital. Before the breach came to light, TfL had already ruled that Uber was not a “fit and proper” company to run taxi services because of Uber’s “conduct and approach”. Covering up such a catastrophic security breach will undoubtedly work against them.
A civil lawsuit has already been filed in the US against Uber on behalf of the drivers and customers whose details were hacked. The complaint stated that “Uber failed to implement and maintain reasonable security procedures and practices appropriate to the nature and scope of the information compromised in the data breach.” It is likely that, if the lawsuit is upheld, the high level of civil damages, in addition to official fines, could spell the end of the company.
It is therefore up to every business, however large or small, to take responsibility for its data security. We must all take our data security seriously, especially once the GDPR takes effect next May.