Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Uber breach cover up – expert comments

November 2017 by Mark Sangster, VP and Industry Security Strategist at cyber security company eSentire

You’ve likely heard about the Uber data breach that affected 57 million users (riders and drivers). The breach took place in 2016, went unreported by Uber, who instead paid hackers $100,000 to keep the breach quiet and delete the stolen information. Mark Sangster, VP and Industry Security Strategist at cyber security company eSentire says:

“It’s fascinating that even in light of the mega breaches of 2016 and 2017, companies consider non or delayed breach disclosure as an option. The number of records compromised in the Uber hack far exceeds the entire population of Canada. We’re not talking small beans, here. Unfortunately for Uber, I expect that its breach will set new precedence when it comes to regulatory compliance and disclosure mandates. Companies today have no excuse when it comes to cybersecurity controls. Tools and guidelines exist to help organizations and firms prepare and navigate breach remediation and disclosure. In Uber’s case, you have a company already enduring a PR firestorm. Mix in a significant one-year old, non-disclosed breach and that storm suddenly becomes a hurricane. In light of the recent revelation about the year-old Uber breach, passengers were being taken for more than one kind of ride. Now it will be Uber’s turn to navigate a labyrinth of financial and state breach notification laws given a user base spanning the globe, particularly as the European Union is set to usher in the General Data Protection Regulators (GDPR) regulations to prevent this sort of delay in breach notification.”

See previous articles


See next articles