Uber Data Breach - Industry Comment from Arbor Networks
November 2017 by Arbor Networks
Following the news that Uber has been involved in a data breach that has affected 57 million customers and drivers, and that it paid the hackers $100,000 to delete the stolen data, here are the comments from Darren Anstee, Chief Technology Officer at Arbor Networks.
“Customers trust companies to keep their data secure, but it is a sad reality that hackers can sometimes get through. How a brand or company reacts to this scenario can be the difference between long-term reputational damage and a renewal of customer trust.
“Uber’s failure to disclose this hack might have seemed the best course of action at the time, but, as today’s headlines show, the priority must always be to notify customers as soon as an accurate picture of what has occurred emerges. This empowers customers to take steps to secure their own data, such as updating passwords if they have used similar credentials for multiple services. Companies can then communicate what steps they are taking to prevent a breach reoccurring. In this instance, Uber had an obligation to tell customers, and they also had an obligation to disclose this breach to the government. Uber should take this opportunity to re-examine their policies and ensure their guidelines help foster a good cyber security culture within their organisation.
“What’s particularly unsettling about this situation is Uber’s willingness to pay hackers to keep quiet. Such financial rewards could set a dangerous precedent that might encourage more attacks in the future. The good news is that, from next year, GDPR will compel companies to report such data breaches. There will be no hiding, so companies must ensure their processes are up to scratch. What is important is that companies proactively implement technologies and processes that manage the risk this regulation is designed to address, instead of taking minimal action just so they can comply.
“The impact of data breaches can be significant, with knock-on effects on the business itself, customers and/or end-users. Businesses need to make sure they minimise their risk appropriately, and have a plan in place for if something goes wrong.”