Photographee.eu - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Risk & Repeat: Uber data breach has implications for infosec

Listen to this podcast

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Uber data breach, which was concealed by company officials, and the ethics of data breach disclosure.

The Uber data breach and subsequent cover-up could have troubling implications for enterprise security.

Last week, the ride-sharing company disclosed a previously unreported incident that saw threat actors steal personal information, names, email addresses and mobile phone numbers of 57 million worldwide customers, as well as the names and driver's license numbers of 600,000 drivers in the U.S. Uber admitted company officials effectively concealed the breach from customers and regulators for more than a year.

According to Bloomberg, which was first to report the breach, Uber CSO Joe Sullivan and Craig Clark, a senior lawyer with the company, led the response effort to the Uber data breach and paid the attackers $100,000 to delete the data and stay quiet about the incident. Bloomberg also reported the attackers gained access to a private GitHub site and obtained company login credentials, which were then used to access the databases hosted on Amazon Web Services.

The incident has raised questions about the ethics of data breach disclosure and customer notification. What type of security incident qualifies as a data breach versus a simple malware infection? Are companies that pay to recover data in ransomware attacks potentially violating data breach disclosure rules? Is the Uber data breach cover-up just an isolated incident, or are more enterprises engaging in this type of behavior?

SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How should Uber have handled data breach disclosure in this incident?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

  • CIO Trends #6: Nordics

    In this e-guide, read how the High North and Baltic Sea collaboration is about to undergo a serious and redefining makeover to ...

  • CIO Trends #6: Middle East

    In this e-guide we look at the role of information technology as the Arabian Gulf commits billions of dollars to building more ...

  • CIO Trends #6: Benelux

    In this e-guide, read about the Netherlands' coalition government's four year plan which includes the term 'cyber' no fewer than ...

Close