Uber's Data Woes Highlight Why Mandatory Breach Notification Is A Good Thing

Image: iStock

It has been revealed that Uber was the victim of a cyber-attack that resulted in the personal data of 57 million customers being exposed. And if that wasn't bad enough, it is also being reported that the many paid the hackers $100,000 to keep quiet and delete the data. Under European and Australian laws that will come into effect next year, that $100,000 is small fry compared to the millions of dollars it could cost them.

Australia's mandatory breach notification laws and the European General Data Protection Regulation (GDPR) impose hefty penalties on companies that are breached and fail to follow notification laws.

Under revealed, in a post on the company's blog, CEO Dana Khosrowshahi said that he had only just become aware of the breach. He said the breach included details of around 600,000 drivers in the US and 57 million passengers from around the world.

While Khosrowshahi says they company has taken steps to prevent this from happening again, the cover up is the bigger issue. And the many has already suffered some significant bad publicity on the back of the comments and behaviour of staff and board members under the stewardship of previous CEO Travis Kalanick.

Australia's breach notification nation laws would cost the company several million dollars, not because of the breach but because of the cover up.

If consumers were in any doubt as to the value of these laws, this breach and subsequent actions at Uber clarity show how they can protect consumers.


    Not to be a phallic but I knew this would happen to Uber specifically among a bunch of others, security is the last thing on the minds of the many loss-making upstarts. Security systems and/or the protective organizations that run them will eventually become true brands and displayed as a badge of integrity by all companies that handle such data, but this won't happen for a long time yet, not until long after it becomes absolutely necessary (eg after the damage has been done). Turning on the news in the morning (or your chosen news web) will one day partially be about finding out which big security service got cracked and which of the companies they protected, compromised (with the protecting company usually then going bust). Enjoy that future.

Join the discussion!

Trending Stories Right Now