National Security

Uber’s Data Breach is Going to Affect Cyber Policy on National Level

News of the dire situation for start-up prodigy Uber is building by the day.

Reports detailing the company’s plummeting value have revealed losses of nearly $1.5 billion over the quarter. This represented an increase in losses from the previous quarter which amounted to just slightly over $1 billion.

To make matters worse, it turns out that the company has been involved in some dubious practices. According to recent testimony by a former employee in federal court, Uber had set up special teams to “spy” on competitors and “impede” legal investigations into the organization’s activities. This testimony came as jury selection commenced for the civil trial into allegations that Uber stole trade secrets from Google’s self-driving car spinoff Waymo.

Organizationally, Uber’s situation is precarious as well. The company did not have a CEO last quarter. In order to fill the slot temporarily, Uber appointed former Expedia CEO Dara Khosrowshahi to the top job.

But amongst all of the issues on their plate, the one that may have the most repercussions for both the company and the broader industry, is the recent revelation of Uber’s massive data breach.

A week ago, Uber revealed that at some point in “late 2016,” hackers gained illicit access to company databases. The breach exposed personal information on some 57 million Uber users. Instead of informing customers however, Uber took several steps to keep the incident under wraps. To his credit, temporary CEO Khosrowshahi did not try to make excuses. “None of this should have happened, and I will not make excuses for it … While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Khosrowshahi said.

However noble these declarations may be, it likely will not be enough to save the company from some very serious repercussions. Capitol Hill has already begun to weigh in.

Recently, a group of U.S. senators sent a letter to Uber’s temporary CEO saying the company’s recently revealed data breach requires further looking-into. In the letter, lawmakers heading some very important senate committees, including those governing finance and commerce policy, chastised the company for concealing the breach and stated that the incident “merits further scrutiny.”

This whole saga is highly reminiscent of the recent Equifax scandal, now widely accepted as being the worst data breach in history. Following news of the breach, it soon became known that Equifax executives intentionally hid the fact that any wrongdoing had occurred. More than two months after the incident, reports of fraudulent use of compromised personal details have started to accumulate.

Due to its enormous consequences, the Equifax incident prompted several senate committees to investigate the breach and the lax security practices that led to it.

In the meantime, investigations by US cyber analysts have only expanded the threat attached to the Equifax vulnerability. Apparently, nine out of ten firms that utilize Apache Struts programs still use the same bugged version that left Equifax systems vulnerable to hackers.

News of Uber’s negligence and cover-up will only serve to reinforce the trend of Congress coming down on large firms and potentially ramping up cyber security standards on a national level.

Samuel Siskind

Samuel Siskind studied intelligence research at the American Military University in West Virginia. He served as a squad commander in the Israeli Defense Force (IDF) Corp of Combat Engineers, in the Corps’ ground battalions and later in its Intelligence Wing at regional and divisional stations. For the past past five years, Samuel has worked as a consultant and researcher on physical and information security issues for private and governmental institutions, in the US, Africa, India, and Israel. He currently lives in Jerusalem.

Join the conversation!

We have no tolerance for comments containing violence, racism, vulgarity, profanity, all caps, or discourteous behavior. Thank you for partnering with us to maintain a courteous and useful public environment where we can engage in reasonable discourse.