Uber 2016 data security incident
In 2016, Uber was evaded by hackers, private data of 57 million users and drivers worldwide has been disclosed including names, email addresses, and phone numbers of customers and drivers. The leak affected 57 million Uber users worldwide and involved 174,000 Dutch citizens. When the incident occurred, Uber did not take any immediate measures and notify the affected users. Instead, it chose to pay the hackers 100,000 U.S. dollars and ask the hackers to delete the data to conceal the incident. Finally, it admitted the accident in November 2017.
According to Article 33 of the GDPR, when there is leaking of personal data, the person responsible shall immediately notify the supervisory authority responsible under Article 55 within 72 hours, unless the risk is not big. If it is not reported to the regulator within 72 hours, the reason for the delay must be attached. The report should include the following information:
(a) The nature of the personal data breach, the relevant categories and the approximate number of people, and the approximate number of personal data records;
(b) The name and contact information of the data protection officer or other contact person;
(c) The possible consequences of personal data leakage;
(d) Measures taken to correct violations of personal data protection and to mitigate negative effects.
In this case, Uber failed to report the data violation to the Dutch DPA within 72 hours and didn’t take any immediate correction, which violated the data breach reporting obligation. In response to the incident, the Dutch data supervisory authority on 2018 November 29 lodge a penalty decision of 600,000 euros to Uber.
How to beware of hackers?
Hacker intrusions such as network attacks, password cracking and data leakage are very common in large companies, and hackers’ attack methods are complex and changeable. To beware of hackers, your computer devices must have good defense mechanisms, such as firewalls, DDoS attack protection software, intrusion detection and protection mechanisms, and regular security scans, these mechanisms can guarantee server security.
At the same time, you should avoid browsing unknown websites and be more cautious when you receive emails from unknown sources. You should not click any links indiscriminately to prevent virus intrusion. For more network security information, please contact StormEye.