Uber data breach and cover-up


Village Elder
Uber Reveals Data Breach and Cover-up, Leading to Two Firings

Interesting: they steal your data and then you PAY THEM $100k not to reveal that they stole from you! What a concept!

Uber Technologies Inc. on Tuesday revealed it paid hackers $100,000 in an effort to conceal a data breach affecting 57 million accounts one year ago, a troubling disclosure that adds to a string of scandals and legal problems for the world’s most highly valued startup.

The ride-hailing firm said it fired its chief security officer, Joe Sullivan, and deputy Craig Clark for their roles in the breach and for covering it up. In addition to the names, emails and phone numbers of millions of riders, about 600,000 drivers’ license numbers were accessed, Uber said.

Uber said financial information, like credit cards and Social Security numbers, weren’t taken. The company said it would notify owners of the affected accounts in the coming days.

While the scale of the breach pales in comparison to recent disclosures from Yahoo Inc. and Equifax Inc., Uber’s attempts to keep it quiet raise questions about how many people knew about it and whether officers still at the company were part of the scheme.

Neither Mr. Sullivan nor Mr. Clark could be immediately reached for comment. A spokesman for Uber declined to say who had authorized the $100,000 payment. A spokeswoman for Travis Kalanick, who was CEO during the time of the breach, declined to comment.

“None of this should have happened, and I will not make excuses for it,” Chief Executive Dara Khosrowshahi said in a statement regarding the breach and coverup. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”

Uber said the data breach happened in October 2016 and it learned of the hack in November. The company said it took “immediate steps” to secure the data and shut down unauthorized access while strengthening its security controls. But Uber said it failed to disclose the breach to authorities, customers and drivers, and after Mr. Khosrowshahi learned of the coverup, he ordered an investigation into the circumstances behind the breach.

The deliberate coverup is another challenge for the recently hired CEO, who in less than three months on the job has tried to bring stability after a year of controversies and missteps that took place under Mr. Kalanick, Uber’s co-founder. Valued at $68 billion by investors, Uber has developed a reputation for pushing the limits of the law in its pursuit of dominating the market for ride-hailing.

As Uber CEO, Mr. Khosrowshahi has inherited several federal probes of the company over programs targeting competitors and regulators, as well as a possible violation of the Foreign Corrupt Practices Act.

Uber is in a heated legal battle with Google parent Alphabet Inc., which filed suit in February alleging the company stole trade secrets related to self-driving cars. And it is trying to recover from claims by a former female engineer that management ignored complaints from her and other women of sexism and harassment.

The company has said it is cooperating with federal regulators in their investigations. It disputes the allegations made by Alphabet and is contesting the lawsuit in court.

Mr. Khosrowshahi’s short reign at Uber has been riddled with infighting among directors, particularly between Mr. Kalanick and investor Benchmark Capital over the company’s corporate governance. In the midst of all this, he has spent weeks negotiating a deal for SoftBank Group Inc. to invest upward of $10 billion in the company through direct investments and stake purchases from employees and other investors.

Uber said it hired Matt Olsen, a cybersecurity expert and former general counsel of the National Security Agency, to advise the company and retained FireEye Inc.’s Mandiant to help with security monitoring.

The ride-hailing company said it is offering free credit monitoring for affected drivers and additional monitoring for fraud on the accounts of the customers affected.

Securities and Exchange Commission regulations compel publicly traded companies—but not privately held firms like Uber—to disclose major data breaches. Earlier this year the SEC launched a probe into Yahoo, now a business unit of Verizon Communications Inc., and whether the company disclosed a major 2014 security breach in a timely manner.

With no federal data privacy law, Uber’s obligation to report the breach falls under a patchwork of data-breach laws in 48 states that come with differing and often complex notification requirements. The laws generally apply if a victim of a hack lives in that state.

Companies that fail to notify users in a timely manner following a breach are technically in violation of these laws, but prosecutions are extremely rare, said Avivah Litan, an analyst with the industry research firm Gartner Inc.

States “don’t have the staff to enforce these laws,” Ms. Litan said.

—Robert McMillan contributed to this article.



*** Uber. They wouldn't give me my $15 free ride sign up deal. Which reminds me I need to delete all my personal info from that stupid app.

There is always a way to beat the system if you know how. 5 free rides and counting.
I threw Uber to the sewer the day a foolish driver cancelled the trip since I missed one call from him... I was charged Ksh200... the pain was equivalent to that of makanga overstaying with a 10 bob change!! Very painful. *** Uber, *** u Benson M. (toyota sienta)


Village Sponsor
"And it is trying to recover from claims by a former female engineer that management ignored complaints from her and other women of sexism and harassment. "

I didn't get past that part. Feminists, there they are!


Village Elder
We all have our own experiences. Uber has been very good to me. No more overnight parking fees or taking the shuttle to a distant parking lot. Data loss is concerning but whom are we fooling? Just about every card in your wallet has lost data to hackers at some point. Hazards of modern living..