Data Center and Critical Infrastructure

Uber Driver Info Stolen, CSO Fired

22 November 2017

Earlier this week, Uber’s CEO Dara Khosrowshahi acknowledged in a blog that his company had suffered a hack involving the personal information of 57 million Uber users and drivers roughly one year ago.

The security breach involved two individuals outside the company, who Uber CEO Dara Khosrowshahi. (Photo: Wikipedia)Uber CEO Dara Khosrowshahi. (Photo: Wikipedia)had illegitimately accessed user data stored on a third-party cloud-based service that Uber uses. According to Khosrowshahi, the incident did not affect corporate systems or infrastructure. The company, unhappy with how the breach was handled, has fired its Chief Security Officer, Joe Sullivan, and one other employee.

The compromised information from the October 2016 attack included names, email addresses and phone numbers of 57 million Uber riders worldwide, as well as the names and driver’s license numbers of approximately 600,000 U.S. Uber drivers.

After the company executives learned of the incident in November 2016, Uber took steps to contain and prevent harm, however, regulatory authorities and affected individuals were not properly notified, and company protocol was not followed. Immediate steps were taken to secure the data and shut down further unauthorized access by the individuals, however.

In his blog, Khosrowshahi said the perpetrators were “subsequently identified and [we] obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.” Bloomberg reported that those “assurances” were obtained via a $100,000 payment to the attackers. Bloomberg has also reported that the first lawsuit against Uber regarding the incident has been filed in a Los Angeles federal court, and states that the service “failed to implement and maintain reasonable security procedures and practices appropriate to the nature and scope of the information compromised in the data breach.”

Matt Olson, a co-founder of a cybersecurity consulting firm and former general counsel of the National Security Agency and director of the National Counterterrorism Center, will assist Khosrowshahi in structuring future Uber security teams and processes. Drivers whose license numbers were downloaded are being notified and provided with free credit monitoring and identity theft protection.



Powered by CR4, the Engineering Community

Discussion – 0 comments

By posting a comment you confirm that you have read and accept our Posting Rules and Terms of Use.
Engineering Newsletter Signup
Get the Engineering360
Stay up to date on:
Features the top stories, latest news, charts, insights and more on the end-to-end electronics value chain.
Advertisement
Weekly Newsletter
Get news, research, and analysis
on the Electronics industry in your
inbox every week - for FREE
Sign up for our FREE eNewsletter
Advertisement
Find Free Electronics Datasheets
Advertisement