Uber has once again suffered a data breach, with hackers gaining access to drivers’ personal data like social security numbers and names – leaving experts stressing for a stronger emphasis on cybersecurity.
This is the third data breach of the car-hailing giant in six months, and much like the breach back in December, hackers were able to gain access to records through a third-party vendor.
This time it was Genova Burns LLC, a law firm representing Uber Technologies, who had access to the data as part of their legal work with Uber.
According to a letter published online on 4 April by the law firm, they first noticed something out of the ordinary at the end of January.
Following further investigation the firm discovered that hackers had infiltrated access into the data – over 77,000 Uber and UberEats drivers were affected by the privacy breach.
Part of the letter read: “Upon learning of the event, we investigated to determine the nature and scope of the incident and secured the environment by changing all system passwords.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalData“We will be taking additional steps to improve security and better help protect against similar incidents in the future.”
The breach has left experts stressing the importance of cybersecurity across all vendors, while slamming the traditional method that they claim “is not cutting it”.
“These frequent headlines on Uber suffering from data breaches are evidence enough that the traditional approach to cybersecurity is not cutting it,” Oz Alashe MBE, CEO of cybersecurity company CybSafe, told Verdict.
Adding: “Many assume an organisation’s cyber security efforts end at its own front door.
“However, with an increasingly complex and data-driven business landscape, partnerships should also be a part of the effort to minimise vulnerabilities.
“While technical solutions are important, equal emphasis should be placed on how we view cyber security from a human, behavioural perspective.”
Alashe believes that companies need to be giving employees “the tools to be part of the solution.”
“We will make significant improvements by targeting the specific behaviours that leave individuals vulnerable to attack and addressing them through positive cooperation,” he added.
Uber has had quite the run of data breaches over the years. Just last year, a teenager who claimed to be with the infamous hacking Lapsus$ gang infiltrated Uber’s internal systems. He claimed he hacked into the company for fun.
In 2016, hackers managed to steal 57 million customer and driver records. The ride-hailing app company was left in hot water when it was revealed they had tried to cover up the breach.