Markets

United Kingdom regulator says Uber data breach concealment raises 'huge concerns'

United Kingdom regulator says Uber data breach concealment raises 'huge concerns'

Uber said hackers stole personal information about more than 57 million of its customers and drivers, but that there was no evidence the stolen data was misused.

"Uber has had a slew of controversies surrounding it for some time now and at a time when the company is relying on public opinion to help support continued operations in London through petitions etc, this incident is likely to do it no favors - as the results of our flash poll show", says Tony Pepper, co-founder and CEO of Egress.

"None of this should have happened, and I will not make excuses for it", Khosrowshahi wrote.

The company also hired Mandiant, a cybersecurity firm owned by FireEye Inc, to investigate the breach.

The news was then confirmed by the company, which explained that in October 2016, two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that Uber used. "We are changing the way we do business". "While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes", said Khosrowshahi.

Corporate cover-ups of often-serious data breaches are all too common, RSA APJ chief cyber security advisor Len Kleinman recently told CSO Australia while warning that "if you were involved in this space and managing incidents, you would be aghast at how much is actually kept quiet or swept under the carpets". However, the drivers license numbers of 600 000 drivers in the U.S. were compromised. Equifax waited weeks before disclosing the data breach to consumers, during which time three executives sold almost $2 million worth of the company's shares.

"Unfortunately, we frequently see SSH keys that provide access to AWS left unprotected in GitHub", he said.

In September, the agency revealed its EDGAR system, a platform that pools financial reports on publicly traded companies, has been breached in 2016. The state's Consumer Protection and Anti-trust Bureau on Wednesday opened an investigation into the case of hackers stealing the personal data of 57 million customers and drivers from Uber.

A spokesman for Transport for London, which this year announced it would not be renewing Uber's licence in the capital, said: "We are working to gain clarity from Uber on whether any of the issues seen in the United States have occurred here".

According to security firm Venafi, the breach at Uber is an example of how unprotected machine identities can lead to data breaches.

"Uber paid $100K to protect 57M people? But rather than fear the breach, organisations need to prepare with a defined, well-practiced response strategy that involves security teams, legal, executive leadership, and communications/PR support", he said. "The cost of dealing with this - they're going to have lawsuits and legal fees", Grossman said. Joe Sullivan, Uber's chief security officer, is no longer with the company, it said.