Millions Affected In An Uber Security Breach

Thursday, January 25, 2018 8:51 pm, Posted by Absolute Destruction

At a time when tapping an app has replaced hailing a cab, most of us have relied on the ride sharing firm, Uber, to get around Toronto and the GTA at least once. Though a convenient alternative to taxis, the app comes at a cost to cybersecurity to millions now that Uber revealed it was the target of a significant security breach.

The crew that makes up Abacus’ on call data destruction services was disheartened to hear nearly 50 million customers had their names, emails addresses, and phone numbers exposed in the hack. Hackers also accessed personal information of 7 million drivers — 600,000 of whom had their licence information exposed. So far, the company has yet to reveal how or if the breach affects its Canadian customers. While the Federal Commissioner’s Office is working with regulatory and government authorities to uncover the truth, there’s no evidence to suggest Uber plans on sharing this number.

So far, Uber claims there is no evidence of fraud tied to these exposed identities. It’s still offering up free credit monitoring protection to its drivers, though the same offer isn’t extended to customers. These drivers also have access to an Uber resource page regarding the incident should they have any questions about their next steps.

Last year, our team reported on the breaches that affected Equifax and Yahoo, the latter of which affected billions of customers. By comparison, Uber’s 57 million is a modest number. What is perhaps the worst part of this is the breach’s timeline. News of the hack went public in November of 2017, but the breach happened much earlier.

Uber first learnt of the attack in October 2016 — a month after hackers first accessed the company’s data. This isn’t the first time the company tried to conceal a security breach. Earlier this year, Uber was fined $20,000 for failing to disclose a smaller breach that occurred in 2014.

It was actually during October of last year that Uber was negotiating with U.S. regulator over the 2014 breach. Instead of reporting the new breach from 2016 during the proceedings, Uber stayed mum about the latest hack and chose to pay the attackers $100,000 to delete the acquired data.

Now Uber is under investigation led by New York Attorney General Eric Schneiderman. Since the reveal, the new CEO, Khosrowshahi said, “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.” In doing so, he’s calling for the resignation of the company’s security chief, Joe Sullivan.

Historically, this isn’t the worst case of privacy violation; however, it does pose as a significant reminder about the online security. Always be careful with the apps that you share your information with. When you cast a discerning eye towards an app’s request for information, you can avoid those apps that seek to do you harm.

Uber, on the other hand, is one of the many apps that seemed like it was a safe addition to your phone. While there’s nothing you can do to change the way hackers target companies or how these companies react to these breaches, you can focus on the steps you can take. Protect your personal information by scheduling our secure paper shredding and electronic data destruction services. As a local GTA company, we offer our services in Vaughan, Aurora/Newmarket, and London — just to name a few. Check out our homepage to find the full list of cities we service.

The “Certificate of Destruction” we present at the end of every job means any physical documents or devices storing your personal information is destroyed to such a degree that it can’t be retrieved. This, along with developing safe online habits, is one of the best ways to protect yourself from identity theft.

Give us a call when you’re ready to take the next step in your defence. In addition to on-site pick-ups, we offer consoles and containers to collect your documents, electronics, and recycling in between our visits. Each console and container is locked to prevent any tampering, so you’re safe at every step of the destruction chain. If this sounds like something you or your business could use, let us be your safeguard during a volatile time for cybersecurity.

© 2021 Absolute Destruction. All Rights Reserved.