Uber is not the first business to fall foul to a security breach and it certainly won’t be the last.
The reality is that – with data breaches like Yahoo!, Equifax, and now Uber – we must accept that a plethora of once-trusted companies can no longer be trusted to keep our private data secure.
However, the news that the company paid off the hackers and kept this breach under wraps for a year is truly astonishing. Rule number one is never pay the ransom!
There is absolutely no guarantee that the hackers didn't create multiple copies of the stolen data for further extortion in the future, or to sell on the dark web further down the line. Given the fact that 12 months has passed since the hackers gained access to Uber customers’ data a lot of damage could already have been done.
Being open and transparent and keeping customers informed is key: you can’t simply sweep these things under the carpet.
Businesses have an obligation to their customers to let them know of a data breach as soon as reasonably possible. Once GDPR comes into force next year this will be law – were it already in place, Uber could have faced heavy fines.
But the reason potential victims need to be informed as soon as possible is so they can take precautions to better protect themselves in the future.
Stolen passwords, email addresses and usernames are potent packages for identity theft. As people often reuse these credentials, they can be used across multiple sites if they fall into the wrong hands.
The data is key information that hackers often use for basic security scams like phishing email attacks.
Uber customers and victims need to take a few steps to ensure that their personal details are secure:
Change the password to your Uber account, making sure it’s secure and not easily guessable.
Make sure you’re using different passwords for each online profile.
Be vigilant about the authenticity of any emails you receive, check for typos, strange phrasing or anything that doesn’t seem quite “right” and never click on hyperlinks or attachments if an email seems “off”.
Keep an eye on your online accounts for any suspicious activity and contact the provider immediately.
The fact that consumers will need to take these precautions a year after they should have been advised to is a shocking lapse on Uber’s part.