Uber Pay $148m Penalty For Breach Cover-Up

Attempting to cover up a data breach was a failed mission for Uber, who has announced that it has agreed to a $148m settlement with Federal Trade Commission (FTC). The fine for its 2016 data breach and cover-up sends a strong message not only to Uber but to organisations across all sectors that data breaches, whether disclosed or not, come at a hefty price.

“Companies can no longer get away with poor cybersecurity and sweeping incidents under the carpet,” said Rob Shapland, principal cybersecurity consultant at Falanx Group. 

"I would expect many companies will have tried to hide the fact that they’ve been breached, especially given the size of the potential fines. This case, and Uber’s punishment for not revealing that the breach had occurred, will hopefully give companies further warning of the risks posed by cyber-attacks, so that they take the security of the data they hold more seriously.”

In November 2017 Uber shocked the cybersecurity community when it confessed that it had indeed attempted to hide the fact that data of 57 million users was stolen. 

In response to the settlement news, Tim Erlin, VP at Tripwire, said, “There’s no doubt that the cover-up behavior was impactful in how this settlement played out. It’s a good reminder to all organisations of how a good breach response plan can help avoid poor decision making in the midst of an incident.

The fine is huge, which has some commentators wondering whether it is intended to set a precedent in order to deter other organizations from attempting to cover up future breaches.

“Trying to keep [a breach] quiet will of course be an idea by some senior ranked employees. However, this is inevitably the wrong thing to do, and Uber is surely being made an example of what not to do,” said Jake Moore, security specialist at ESET.

“Being open about customer data breaches at the earliest opportunity is not only ethically the right thing to do, but helps protect people from a multitude of other attacks which could follow as a result.”

Moreover, the fine speaks to the financial risks of compliance mismanagement. That a breach of such magnitude was able to happen was problematic enough, but paying the hackers $100,000 to delete the data and keep the breach quiet, rather than report the incident, was “A blatant disregard for governance and compliance, putting customers at risk,” said Pravin Kothari, CEO of CipherCloud.

“The takeaway lesson is that it is incumbent upon all of us to foster a culture in our companies such that our employees understand the ethical necessity of full disclosure and transparency. Protecting our customers and their data is not optional.”

Infosecurity-Magazine

You Might Also Read: 

Uber’s U-Turn On User Watching:

 

« Facebook Could Face A GDPR Fine Of $1.63bn
Russia Stands Accused Of Global Hacking Campaign »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

RSA Security

RSA Security

RSA provide cybersecurity products for Threat Detection and Response, Identity and Access Management, Governance, Risk and Compliance, and Fraud Prevention.

Scale Computing

Scale Computing

Scale Computing is an industry leading application platform for EDGE computing environments covering retail, manufacturing, financial services and government.

Zertificon Solutions

Zertificon Solutions

Zertificon is a leader in professional email encryption and data security.

Operational Center for Information Systems Security (COSSI)

Operational Center for Information Systems Security (COSSI)

COSSI is responsible for the detection and mitigation of cyber attacks directed at French Government information systems.

Flashpoint

Flashpoint

Flashpoint is a globally trusted leader in risk intelligence for organizations that demand the fastest, most comprehensive coverage of threatening activity on the internet.

Network Integrity Systems

Network Integrity Systems

Network Integrity Systems is a leader in network infrastructure security and offers solutions specifically developed for Government and Private Enterprise.

Certis

Certis

Certis is a leading advanced integrated security organisation that develops and delivers multi-disciplinary security and integrated services.

National Cyber Security Centre (NCSC) - New Zealand

National Cyber Security Centre (NCSC) - New Zealand

The role of the NCSC is to help New Zealand’s most significant public and private sector organisations to protect their information systems from advanced cyber-borne threats.

Barbara IoT

Barbara IoT

Barbara is an industrial device platform specifically designed for IoT deployments.

PhishX

PhishX

PhishX is a SaaS platform for security awareness that simulates Cyberthreats, train people, while measure and analysis results, reducing Cybersecurity risks for People and Companies.

Casque SNR

Casque SNR

CASQUE SNR is the next generation of Identity Assurance that has potential to supersede existing solutions. It provides Identity Assurance for both people and things.

Lewis Brisbois

Lewis Brisbois

Lewis Brisbois offers legal practice in more than 40 specialties, and a multitude of sub-specialties including Data Privacy & Cybersecurity.

Cyber Pop-Up

Cyber Pop-Up

Cyber Pop-Up provide on-demand access to top security experts. No recruiting. No onboarding. No overhead costs.

Mobileum

Mobileum

Mobileum is a leading provider of Telecom analytics for roaming, security and risk management and end-to-end domestic and roaming testing solutions.

Cyber News Live (CNL)

Cyber News Live (CNL)

Cyber News Live provide vital information and raise awareness about all things 'cyber' to ensure you stay protected in the digital world.

Oduma Solutions

Oduma Solutions

Oduma Solutions is a wholly owned Ghanaian Cybersecurity company that offers information security services to organisations seeking to improve their security posture.

Lintu Solutions

Lintu Solutions

Lintu Solutions is a trusted provider of comprehensive cybersecurity and enterprise risk management solutions.