Uber Pay $148m Penalty For Breach Cover-Up

Attempting to cover up a data breach was a failed mission for Uber, who has announced that it has agreed to a $148m settlement with Federal Trade Commission (FTC). The fine for its 2016 data breach and cover-up sends a strong message not only to Uber but to organisations across all sectors that data breaches, whether disclosed or not, come at a hefty price.

“Companies can no longer get away with poor cybersecurity and sweeping incidents under the carpet,” said Rob Shapland, principal cybersecurity consultant at Falanx Group. 

"I would expect many companies will have tried to hide the fact that they’ve been breached, especially given the size of the potential fines. This case, and Uber’s punishment for not revealing that the breach had occurred, will hopefully give companies further warning of the risks posed by cyber-attacks, so that they take the security of the data they hold more seriously.”

In November 2017 Uber shocked the cybersecurity community when it confessed that it had indeed attempted to hide the fact that data of 57 million users was stolen. 

In response to the settlement news, Tim Erlin, VP at Tripwire, said, “There’s no doubt that the cover-up behavior was impactful in how this settlement played out. It’s a good reminder to all organisations of how a good breach response plan can help avoid poor decision making in the midst of an incident.

The fine is huge, which has some commentators wondering whether it is intended to set a precedent in order to deter other organizations from attempting to cover up future breaches.

“Trying to keep [a breach] quiet will of course be an idea by some senior ranked employees. However, this is inevitably the wrong thing to do, and Uber is surely being made an example of what not to do,” said Jake Moore, security specialist at ESET.

“Being open about customer data breaches at the earliest opportunity is not only ethically the right thing to do, but helps protect people from a multitude of other attacks which could follow as a result.”

Moreover, the fine speaks to the financial risks of compliance mismanagement. That a breach of such magnitude was able to happen was problematic enough, but paying the hackers $100,000 to delete the data and keep the breach quiet, rather than report the incident, was “A blatant disregard for governance and compliance, putting customers at risk,” said Pravin Kothari, CEO of CipherCloud.

“The takeaway lesson is that it is incumbent upon all of us to foster a culture in our companies such that our employees understand the ethical necessity of full disclosure and transparency. Protecting our customers and their data is not optional.”

Infosecurity-Magazine

You Might Also Read: 

Uber’s U-Turn On User Watching:

 

« Facebook Could Face A GDPR Fine Of $1.63bn
Russia Stands Accused Of Global Hacking Campaign »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IOActive

IOActive

IOActive serves as a trusted security advisor to the Global 500 and other progressive enterprises, helping to safeguard their most important assets and improve their overall security posture.

Zymr

Zymr

Zymr specialize in cloud computing solutions including Cloud Security, Cloud Mobility, Cloud Apps, Cloud Infrastructure and Cloud Orchestration.

8MAN

8MAN

8MAN is a leading Access Rights Management (ARM) solution in Microsoft and virtual server environments.

Plixer

Plixer

Plixer delivers a network traffic analytics system used for monitoring, visualization, and reporting of network and security incidents.

totemo

totemo

Totemo offers solutions for the secure exchange of business information.

Inter-American Cooperation Portal on Cyber-Crime

Inter-American Cooperation Portal on Cyber-Crime

The Inter-American Cooperation Portal on Cyber-Crime was created to facilitate and streamline cooperation and information exchange among government experts from OAS member states.

FraudHunt

FraudHunt

FraudHunt protects your website from account fraud, ad fraud, fraud clicks, and malicious bots.

Asvin

Asvin

Asvin provides secure update management and delivery for Internet of Things - IoT Edge devices.

Cyber Security Education

Cyber Security Education

CybersecurityEducation.org is an online directory of cyber security education and careers.

Fortress Information Security

Fortress Information Security

Fortress Information Security is one of the largest cyber security providers of supply chain risk management and vulnerability risk management in the US.

Aversafe

Aversafe

Aversafe provides individuals, employers and certificate issuers around the world with a first line of defense against credential fraud.

Octiga

Octiga

Octiga is an office 365 cloud security provider. It offers Office 365 monitoring, incident response and recovery tools.

A&O IT Group

A&O IT Group

A&O IT Group provide IT support and services including IT Managed Services, IT Project Services, IT Engineer Services and Cyber Security.

vCISO Services

vCISO Services

vCISO Services is a small, specialized, veteran-owned firm focused on the needs of SMBs only.

Josef Ressel Centre for Intelligent & Secure Industrial Automation

Josef Ressel Centre for Intelligent & Secure Industrial Automation

The Josef Ressel Centre for Intelligent and Secure Industrial Automation investigates the fundamentals of digital assistants for industrial machines that enable intelligent and secure operation.

AKIPS

AKIPS

AKIPS develops the world's most scalable network and infrastructure monitoring software, delivered as a turn-key software appliance.