When registering with Uber, a phone number confirmation is required by accepting an SMS with a confirmation code. We recommend using the site to receive SMS online, so as not to use a personal number and not become a victim of fraud.
Two years later, the smoke finally dissipates. It was announced today that Uber has agreed to settle $ 148 million in complaints about the 2016 hack. According to The Washington Post, this is "the largest punishment for violating data by government agencies in history."
At first glance, this may seem like an excessive figure ... and it could be so if it were not for Uber’s epic failure in this situation.
There were two main problems with how the company dealt with the 2016 violation. First, Uber paid the hackers who infiltrated his systems.
For many years, law enforcement officials have been warning cybercrime victims of non-compliance with ransom requirements. This is a familiar situation that repeats with every new ransomware flash, but it can also apply to corporate data breaches.
Uber decided to ignore this advice. Instead, the company spent more than $ 100,000. Uber decided to trust the same hackers who hacked his systems, believing that these people will delete the illegally obtained data and everything will return to square one. “In keeping with its corporate culture at the time, Uber hid the violation under the pretext of intentionally disregarding the law,” said California Attorney General Xavier Becerra.
After about a year, the company finally published a public admission of the violation. This happened around the same time that the new CEO, Dara Khosrovshahi, took office.
Khosrovshahi immediately set about eliminating the consequences. “None of this should have happened, and I will not make excuses for it. Although I cannot erase the past, I can guarantee on behalf of every Uber employee that we will learn from our mistakes, ”she wrote in her blog on November 2017.