Uber had both the legal and social obligation to inform governments and customers of the attack
Source: OAK Consulting for Mimecast , Author: Posted by BI-ME staff
Posted: Thu November 23, 2017 12:24 pm

UAE.  Following on the news that taxi app company Uber admitted a data breach affecting 57 million customers and drivers from around the world and paid the hackers $100,000 to delete the stolen data,  Dan Sloshberg, cyber resilience expert, Mimecast commented.
 
“Uber had both the legal and social obligation to inform governments and customers of this attack, and the fact the company chose to pay hackers and hide the massive breach is shocking. Pretending that an attack hasn’t happened, or quietly paying attackers off only emboldens perpetrators further.

“With the General Data Protection Regulation (GDPR) coming into effect in May 2018, businesses must report breaches within 72 hours or face crippling fines much bigger than what Uber paid to hackers.

“Businesses need to realise that the impact of breaches can be very serious - with knock-on effects on the organisation itself, employees and customers. To combat threats and ensure they remain compliant ahead of the GDPR, organisations must invest in minimising their risk appropriately with an appropriate cyber resilience strategy.

"This should also include a plan if something does go wrong.”

Photo Captions:
1. (above)  Dan Sloshberg, cyber resilience expert, Mimecast
2. (inset)  For illustrative purposes only (File photo)

 

MIDDLE EAST BUSINESS COMMENT & ANALYSIS

date:Posted: September 21, 2018
UAE. Analysts to explore AI developments and influence on businesses at the Gartner Symposium/ITxpo 2019, March 4-6 in Dubai, United Arab Emirates.
date:Posted: September 20, 2018
UAE. Research from Aruba and Ponemon Institute shows security teams view Machine Learning and network visibility for users and IoT devices essential for battling stealthy threats inside IT infrastructures.
date:Posted: September 19, 2018
UAE. Few are confident in spotting security risks and vulnerabilities in DevOps operated public cloud environments.
dhgate