The recently revealed Uber data breach, that resulted in 57 million customer and 600,000 driver data records being leaked, has seen the leadership ranks of the company's security team gutted. Chief Security Officer Joe Sullivan was fired and his Chief of Staff Pooja Ashok, senior engineer Prithvi Rai and Sullivan's most senior manager Jeff Jones have all resigned.
Data breaches are a fact of life but it's what happens after that speaks volumes about businesses. In Uber's case, they paid the hackers US$100,000 to cover up the leak - pretty much the best thing to do if you want to completely lose your customers' confidence. It's not surprising that the company's new CEO, Dara Khosrowshahi, has sought to clean out the old team that presided over the reaction to the breach.
Contrast Uber's reaction to a breach with the Australian Red Cross Blood Bank. One company went to great lengths to conceal the breach while the other got on the front foot, notifying every affected cusotmer and taking responsibility for the breach.
It's not surprising that Uber's new CEO has taken action over the breach. And I suspect there will be more caualities as it's unlikely other managers and board members were unaware of the cover-up.
Your plans for what happens after a breach are as important, if not more so, when it comes to dealing with data breaches. Does your business have a comprehensive plan for what to do in event of a data breach - other than paying the bad guys some hush money?