A series of hacks and data breaches have made the headlines in 2017. Last week, Uber, one of Londoners’ favourite services, revealed a massive data breach. We wonder, if companies like Uber are victims of serious data breaches, how cyber vulnerable are we?
On Tuesday, 21, Uber revealed it fell victim to a massive data breach, compromising the personal information of 57 million users and drivers.
The hack had happened in October 2016, but it was only this November that the company acknowledged it failed to notify customers, drivers and regulators. Bloomberg revealed that Uber paid the cyber criminals $100,000 at the time to destroy the data.
“None of this should have happened, and I will not make excuses for it,” Uber’s CEO, Dara Khosrowshahi, said in a statement. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”
Hackers got access to the personal data of millions, such as names, email addresses and phone numbers. Uber says sensitive information such as credit card numbers, bank accounts and location were not compromised.
Yet, as we become ever more reliant on our phones, we ask ourselves how much we can trust apps and online platforms.
What about our online shopping?
If you are an Amazon or Asos freak, you might wonder what would happen to your card details if these companies were hacked. There is good reason to be concerned, as the Telegraph reported that the number of online retailers hit by cyber attacks doubled in the last year.
Authorities have recognised the need to step in and impose regulation on companies handling customer information.
Two important pieces of legislation are coming into force in 2018 as attempts to prevent cyber-attacks and to maximise customer protection: PSD2 and GDPR.
The second version of the Payment Services Directive (PSD2) addresses vulnerabilities within payment providers, a sector that is susceptible because of the type of information it handles.
The General Data Protection Regulation (GDPR), valid from May 2018, imposes a series of security measures and stricter fines for companies that do not comply with the regulations. One of the measures is that companies have 72 hours to notify authorities in the case of a breach.
If the GDPR had already been in place, Uber could have been fined €20m (£17.75m) for not notifying users and authorities, cyber law barrister Dean Armstrong told Campaign Live.
Armstrong also told Campaign Live that the greatest price Uber will have to pay is the loss of its reputation.
Indeed, the announcement appeared in the media towards the end of a tough year for the ride-hailing app. In May, the company admitted it had underpaid drivers in New York for years and, in September, Uber lost its licence to operate in London.
Be safe online:
If you have an account with a company which has been hacked, such as Uber, change your password immediately
Always keep your systems updated with their latest versions
Do not use the same password for different logins
Make sure your password cannot be easily guessed – the best way is to use random words and include capital letters, numbers and symbols
Words: Pamela Machado | Subbing: Lotta Behrens