Uber had both the legal and social obligation to inform governments and customers of the attack
Source: OAK Consulting for Mimecast, Author: Posted by BI-ME staff
Posted: Thu November 23, 2017 12:24 pm

UAE. Following the news that taxi app company Uber admitted a data breach affecting 57 million customers and drivers from around the world and paid the hackers $100,000 to delete the stolen data, Dan Sloshberg, cyber resilience expert at Mimecast, commented:
 
“Uber had both the legal and social obligation to inform governments and customers of this attack, and the fact the company chose to pay hackers and hide the massive breach is shocking. Pretending that an attack hasn’t happened, or quietly paying attackers off, only emboldens perpetrators further.

“With the General Data Protection Regulation (GDPR) coming into effect in May 2018, businesses must report breaches within 72 hours or face crippling fines much bigger than what Uber paid to hackers.

“Businesses need to realise that the impact of breaches can be very serious - with knock-on effects on the organisation itself, employees and customers. To combat threats and ensure they remain compliant ahead of the GDPR, organisations must invest in minimising their risk appropriately with an appropriate cyber resilience strategy.

“This should also include a plan if something does go wrong.”

Photo Captions:
1. (above)  Dan Sloshberg, cyber resilience expert, Mimecast
2. (inset)  For illustrative purposes only (File photo)

 
