On November 21 Uber confessed that in October 2016 the company suffered a cyber attack that affected the data of 57 million accounts, from both users and drivers of the well-known global transportation platform.
Apparently 2 individuals managed to obtain credentials from the company’s developers, and with these credentials, they managed to access the “Amazon Web Services”, and to achieve their main goal: stealing the company’s data, and asking Uber to pay a large amount of money for recovering the stolen data from its users.
Uber’s Security Director, Joe Sullivan made the decision to give in to the blackmail, and to pay the criminals $100,000 in exchange for destroying the information, and not revealing the incident. Sullivan was not the only responsible for hiding from the authorities the incident, also the CEO at the time, Travis Kalanick, also agreed to cover it up.
After Travis Kalanick resigned as CEO, Uber’s new CEO Dara Khosrowshahi had to face this new crisis. He has asked for forgiveness to its user on behalf of Uber, and he stated that there are no excuses for what happened.
As a result of the internal investigation they have been dismissed: Joe Sullivan and the lawyer who advised him: Craig Craik. Hired Matt Olsen (Director of the National Center Against Terrorism) and the Mediant security agency have been hired to investigate what happened and reinforce security.
The international community is seriously concerned about the precedent that this represents, which can encourage cybercriminals to attack companies with economic pretensions. Therefore, experts in cybersecurity such as David Emm, emphasize the need for states to work on clear and forceful regulations.
Uber is facing several investigations, one of them by the European Data Protection Supervisor, which meets today, November 27 and tomorrow, the 28th, to discuss this matter and analyze the procedures of the company with a magnifying glass, and although it does not have powers to issue sanctions, can impose the working groups that will define those that can be set by the member countries.
Europe is already working on setting a regulation, with the new regulation that will come into force in May of next year. We are all wondering if that will be enough to prevent incidents of this kind from happening again.
If you are a business owner or founder, at Syneidis, we can advise you on how to work in transparency and prevention.