Written by Jonathan Hunt
16 Aug, 2019
The personal information of 57 million Uber customers and drivers around the world was compromised in a data breach which was covered up by the taxi firm back in 2016. Hackers managed to access the names, email addresses and phone numbers of millions of Uber users as a result of the attack. Bloomberg, who broke the news, also stated that 600,000 driver’s license numbers were compromised. Uber chose not to inform either those affected or the regulators despite being obliged to do so. They instead paid the hackers $100,000 (£76,000) to delete the data and keep the breach under wraps. In a statement on the company’s website, CEO of Uber, Dara Khosrowshahi said: “None of this should have happened, and I will not make excuses for it. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
If you have ever used the taxi booking app, it’s possible that your personal information was accessed in the Uber hack. The cab firm has since issued advice to those concerned that they may have been affected. In a post on its website, Uber encouraged users to check their account for any potential issues and report anything suspicious via the help centre.
According to the report by Bloomberg, the hackers gained access to a coding site used by Uber software engineers where they obtained the login details to the company’s Amazon Web Services account. Once they had logged in to this account, the hackers found an archive of data containing the personal information about the riders and drivers.
Rather than following the standard breach protocol of notifying those affected and setting out measures to prevent future incidents, Uber chose to conceal the breach, shelling out $100,000 and thus creating a much bigger problem for themselves. The company has stated that they are monitoring the accounts that were affected by the Uber hack and have not found any indication of fraud as of yet. Uber will also let each affected driver know that their licence numbers were accessed and will provide them with credit monitoring and identity theft protection. Failure to notify the individuals and regulatory authorities in the first instance is expected to have serious consequences for Uber. On top of the impending punishments, the company’s reputation will take a substantial hit, with customers unable to trust them with their data in the future.
Although it tends to be massive organisations like Uber that make the news when they’re hacked, small to medium-sized businesses are just as likely to be targeted. It’s therefore vital that you have a robust cyber security plan in place to prevent data breaches. Below are some of the measures you need to have in place.
In this particular instance, the Uber hack could have been prevented with a stricter access control and password security policy. It’s vital to ensure all access to services is authenticated, authorised and encrypted. Are you certain that all your most sensitive, valuable information is only available to those who truly need access to it? At Venom IT, we offer virtual servers with both military and banking-grade security encryption and can provide you with expert advice on how to manage access control.
Consider upgrading all your machines to a more robust, business-grade antivirus system, rather than relying on cheap home editions or free versions. Business-grade antivirus systems also often come with handy network-wide management tools that can enable you to centrally manage all the machines on your network, rather than going to each individual machine to run updates etc.
For you as the end user, good patch management simply means that each program on your system – especially the security suite – needs to be up-to-date with the latest security upgrades. Consider using a cloud-based, virtual network populated with virtual machines instead of making upgrades to your physical networks all the time. In most cases, paying the monthly or annual fee for a virtual network works out cheaper than upgrading physical machines on a like-for-like basis. The reason for this is economy of scale, and this means you could potentially always have the latest and the best system, always up-to-date and secure, tailored to your needs.
In a building, a firewall is a wall that has been constructed in such a way that, if a fire breaks out in one room, it won’t easily spread to the rest of the building. In a similar way, a firewall in cyber security is a system that prevents the spread of viruses or prevents hacking attempts from penetrating your system. Do you have a physical firewall? Does each computer on your network have a software firewall? Consider getting a security assessment from Venom IT; it will either give you some needed pointers, or peace of mind that everything that should be in place, is in place.
Unfortunately, the weakest link in the cyber-security chain is very often the human link. Have the staff been educated and trained to identify spoofs, phishing scams, social engineering scams, CEO scams and the like? Just like carrying out fire drills, have the staff been trained on exactly what to do when a cyber threat or attack is identified? We offer staff training packs and seminars; contact us for details. If you require any further advice or help with implementing the above cyber security measures to help prevent data breaches like the Uber hack, please contact us. We are ISO9001 and Cyber Essentials certified so you can be certain of both the quality and security of our services and systems we put in place.