Uber Technologies, Inc., is no stranger to self-inflicted wounds, but the latest visit to the infirmary goes far beyond the kinds of running-with-scissors episodes that have made the ride sharing company infamous.
They also managed to download the names and driver's licence numbers of around 600,000 drivers in the US.
Khosrowshahi says hackers accessed the data through a third-party, cloud-based service. Uber hasn't explained how its developers' private account on the site was compromised, but it likely involved some carelessness, said Kyle Flaherty of security firm Rapid7.
Jeremiah Grossman, chief of security strategy at security firm SentinelOne, says this was not a sophisticated hack.
Instead of alerting users and authorities to the breach as required by law, Uber paid the hackers $100,000.
The company's reputation has already been dragged through the mud this year, and for many, the breach and cover-up was the icing on the cake. The laws generally apply if a victim of a hack lives in that state.
And even the SEC has faced security issues of its own.
The concerns are not only limited to the breach itself; the strongest ire is coming from regulators over how Uber handled the cyberattack. Hackers threatened to release TV shows unless the companies paid them. But then, their identities were known, and they knew they might face consequences.
The New York Attorney General's Office has also opened an investigation into the breach.
"You may be asking why we are just talking about this now, a year later".
The agency gave Uber 180 days to obtain an independent audit into its privacy and security practices.Читайте также: Why the Broncos fired offensive coordinator Mike McCoy
Other countries have similar rules regarding breaches.
It later said only about 8,000 Canadians were affected.
He added: "Deliberately concealing breaches from regulators and citizens could attract higher fines for companies".
In terms of scale, Uber's hack doesn't measure up to other major breaches.
Seventy million might have lost personal data including names, addresses, phone numbers and e-mail accounts, while 40 million bank accounts and credit cards were also put at risk.
Yahoo didn't make its first disclosure about hacks that hit 3 billion user accounts during 2013 and 2014 until September 2016. Which, if you think about it for more than five seconds, is actually a really awful precedent to set.
Uber has set up a website for users who have been affected. "But rather than fear the breach, organisations need to prepare with a defined, well-practiced response strategy that involves security teams, legal, executive leadership, and communications/PR support", he said.
"The fact that they hid it for such a long time that doesn't seem like good business to me", said Daly.
"Companies get punished for that", Rubin said. He was replaced in August by former Expedia boss, Dara Khosrowshahi. The company has been embroiled in a number of controversies, including using software called Greyball to evade regulators, a court battle over allegedly stolen secrets from Google's self-driving auto division, and a slew of complaints regarding sexual harassment and toxic company culture.
"While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes", Khosrowshahi wrote.
The tech company reportedly tracked down the hackers and pressured them to sign non-disclosure agreements so news of the incident did not become public.
Sullivan and one of his deputies were ousted from the company as a result of the CEO's internal investigation, we're told.
Discovery of the United States company's cover-up of the incident resulted in the firing of two employees responsible for its response to the hack, said Dara Khosrowshahi, who replaced co-founder Travis Kalanick as CEO in August.При любом использовании материалов сайта и дочерних проектов, гиперссылка на обязательна.
«» 2007 - 2017 Copyright.
Автоматизированное извлечение информации сайта запрещено.
Код для вставки в блог