Freely subscribe to our NEWSLETTER

“It’s disappointing to see that Uber has been breached again following a sperate incident back in September. This time it looks like customer information is safe, but the online dump of stolen data includes internal asset data and various sensitive details, including personally identifiable and account information of around 77,000 Uber employees which was freely shared on a hacking forum. The incident has been confirmed as unrelated to the attack that happened a few months ago. This time it appears that the intrusion was executed through a third-party supplier. I see a growing number of successful attacks like this that originate through a third-party supplier or supply chain.
To protect against similar third-party attacks in the future, organisations need to prioritise vulnerability management and patching of third-party software. Only by having overall visibility of the organisational network can IT teams ensure they can control, patch and plug vulnerabilities in all third-party software being used, and confidently have the ability to respond and limit the consequences of a breach should one occur, therefore reducing the impact on customers.
This incident should serve as a reminder that having high levels of cyber hygiene can help prevent supply chain attack methods from being successful. As part of this effort, IT teams need to know where their most sensitive data sits at all times in order to effectively protect it. Having full visibility of the corporate network to identify devices that may have been compromised and then fix them quickly is also vital.”