08 Feb'18

Courts condemn Uber’s data breach cover-up

In November of last year, it was revealed that Uber had experienced a data breach in 2016 that left the personal data of 57 million users, and 600,000 drivers’ license numbers, vulnerable. See the BBC’s report.
However, the hack was not reported when it occurred. Instead, Uber covered up the hack by paying one of the hackers $100,000. The payment was made through a bug bounty programme, a system that usually rewards ethical hackers who uncover flaws at companies and do not exploit this information.
As reported by IT Pro, Uber’s CISO, John Flynn, admitted on the 6th February during their US hearing that there was “no justification” for covering up the data breach.
Flynn added, “We recognise that the bug bounty programme is not an appropriate vehicle for dealing with intruders who seek to extort funds”.
At the time of being exposed, Uber’s CEO Dara Khosrowshahi stated “None of this should have happened, and I will not make excuses for it”, as quoted by The Guardian. Khosrowshahi assured the public that they had obtained “assurances that the downloaded data had been destroyed”.
Uber has not revealed the reasons behind covering up the data breach or the decision makers who were involved.
Legislators called their actions “morally wrong and legally reprehensible”. Still cheaper than a black cab though.