PH privacy regulators summon Uber over massive data breach

Allan Goodman
November 25, 2017

Equifax waited six weeks to admit to a hack that compromised the personal information of 145 million customers, and Yahoo disclosed a massive data breach involving 500 million accounts late last year - a full two years after the incident occurred. In his statement regarding the data breach, he said the company needed to be open and honest if is to "repair our past mistakes".

Hence, the NSCS's advice right now is to immediately change passwords used with Uber, even though Uber never said that passwords - hashed or otherwise - were exposed.

Earlier, Uber's CEO revealed that the company was hacked in October past year, compromising personal information of 57 million Uber users. The company said it also has been contacted by the Federal Trade Commission.

In a statement, Uber CEO Dara Khosrowshani admitted that he became aware of the "inappropriate access [of] user data stored on a third-party cloud-based service" late a year ago, and that steps were taken to secure the data, and shut down further unauthorised access.

Prior to this, Uber Philippines said in a statement it could not give further details on the data breach. The hack by two unnamed individuals outside of the company didn't affect corporate systems or infrastructure, he said. As part of the 2016 settlement, Uber agreed to pay $20,000 in fines for failing to report unauthorized access to drivers' data until months after it was discovered.

India allows Kulbhushan Jadhav's mother, wife to visit Pakistan, but 'conditions apply'
Kumar said that India has also sought the sovereign guarantee from Pakistan government to ensure safety, security of both. The spokesperson for Ministry of External Affairs ( MEA ) Ravish Kumar said that Indian has conveyed this to Pakistan.

In an extraordinary admission made by the United States firm's chief executive on Tuesday, it was revealed a third-party cloud-based service had been infiltrated by cyber criminals. Fortunately, the tech company has said that no social-security numbers, credit-card information, trip location details or other data was taken. "We initiated our inquiries and are gathering all the information that can help us assess the scope of the data breach and take the appropriate steps to protect any Italian citizens involved", said Antonello Soro, President of the Italian Data Protection Authority on Wednesday.

We are individually notifying the drivers whose driver's license numbers were downloaded.

Khosrowshahi wrote: "None of this should have happened and I will not make excuses for it. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts". Uber paid the hackers $100,000 to delete the data and not disclose the breach.

On Twitter today, USA security writer Brian Krebs asked what made Uber's $100,000 payout to the hackers different from the ransoms other companies have paid to unlock system data encrypted by ransomware.

US Senator Richard Blumenthal took to Twitter to call for the FTC to investigate Uber, describing the company's behavior as "inexplicable" and asking for the FTC to impose "significant penalties". "You can ask forgiveness for being hacked, but many people will find it harder to forgive and forget if you deliberately concealed the truth from them".

Other reports by PlayStation Move reviews

Discuss This Article