Uber Hid Cyber Breach For A Year

Uber, a global transportation technology company, is facing lawsuits and government investigations after the company hid a cyber breach for a year. According to the City of Chicago’s complaint against Uber, in October 2016, hackers accessed Uber’s code repository at GitHub, which is hosted by Amazon Web Services. Using the repository, the hackers obtained login credentials that allowed them to access the personal information of more than 50 million people.

To keep the breach quiet, Uber reportedly paid the hackers $100,000 and had them sign a non-disclosure agreement. Uber claims the hackers agreed to delete any stolen data. However, Chicago’s attorneys argue that trusting the hackers is “nonsensical.”

Previous Cyber Breach

The breach is not Uber’s first cyber incident. In 2014, hackers comprised Uber’s network by using similar hacking methods. After an investigation, the Federal Trade Commission (FTC) alleged that Uber did not prevent the breach because it failed to take reasonable measures, such as monitoring the network and requiring multi-factor authentication. As a result, Uber entered into a consent order with the FTC promising to take corrective actions that included securing its data and implementing a privacy program.

As plaintiffs are filing lawsuits for violating state breach laws, a group of senators are demanding that Uber provide a detailed timeline of the breach. One senator questioned why Uber chose not to provide forensic information to law enforcement to help them catch the hackers. Meanwhile, Uber announced that it will alert the affected individuals and offer them free identity-monitoring for one year.

For more information, visit Ars Technica and the Federal Trade Commission.

Share this article!

Alice is a member of the Florida Bar, and she focuses on business and technology matters in her law practice. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She currently serves on The Florida Bar Journal/News Editorial Board.