430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

France data protection agency fines Uber 400k Euros Over 2016 Data Breach

France’s data protection agency had fined the ride-sharing company Uber with 400,000 euros ($455,000) over a 2016 data breach. The data breach suffered by Uber in 2016 exposed the personal data of some 57 million clients and drivers worldwide. In November 2017, the Uber CEO Dara Khosrowshahi announced that hackers broke into the company database and […]

uber data breach

France’s data protection agency had fined the ride-sharing company Uber with 400,000 euros ($455,000) over a 2016 data breach.

The data breach suffered by Uber in 2016 exposed the personal data of some 57 million clients and drivers worldwide.

In November 2017, the Uber CEO Dara Khosrowshahi announced that hackers broke into the company database and accessed the personal data (names, email addresses and cellphone numbers) of 57 million of its users, the disconcerting revelation was that the company covered up the hack for more than a year.

The attackers accessed also the names and driver’s license numbers of roughly 600,000 of its drivers in the United States.

The hack happened in 2016, it was easy for hackers that according to a report published by Bloomberg, obtained credentials from a private GitHub site used by the company development team. The hackers tried to blackmail Uber and demanded $100,000 from the company in exchange for avoiding publish the stolen data.

Rather than to notify the data breach to customers and law enforcement as is required by California’s data security breach notification law, the chief of information security Joe Sullivan ordered to pay the ransom and to cover the story destroying any evidence. The payout was disguised as a bug bounty prize complete with non-disclosure agreements signed.

According to the French Data Protection Authority, the company failed to adopt elementary security measures.

uber data breach

In September, Uber agreed to pay $148 million settlement with US States and the District of Columbia.

In November, British (385,000 pounds) and Dutch (600k euro fine ) data protection regulators fined the company with $1,170,892 for the 2016 data breach.

Uber was informed about the breach by the hackers themselves, and the firm paid them $100,000 to keep quiet about their exploit and destroy the data.

“After the incident and in the following years we made several technical improvements to our security,” said an Uber spokeswoman.

“We have also made important changes to our management to insure transparency with regulatory authorities and clients,” she added.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, 2016 data breach)

[adrotate banner=”5″] [adrotate banner=”13″]