Ride-sharing service Uber is being maligned again after the company announced Tuesday that it suffered a massive cybersecurity breach last year. The hack exposed the data of more than 57 million riders and drivers who use the app from Uber, one of the most successful tech companies of the past five years.
The cybersecurity incident comes a few months after the Equifax data breach, in which hackers exposed as many as 145.5 million people to identity fraud.
The most disturbing aspect of the Uber data breach
While data breaches have unfortunately become part of doing business in this information age, the most disturbing thing about these recent incidents is the timelines: Both Equifax and Uber waited a significant amount of time to alert their customers and users.
In the Equifax case, criminals accessed the Atlanta-based company’s computer system on July 29. The public was not told of the hack until September 7, more than a month later.
For Uber, the breach occurred “late” last year, but we’re just now hearing about it mere weeks before we ring in 2018. These companies aren’t the only ones waiting a while before they tell their customers of security problems.
Yahoo didn’t disclose two breaches it experienced until two years and three years, respectively, had gone by. Of course, for most of that time the company said it was unaware of the hacks.
The delays — at best — seem to signal that companies are still unsure of when and how to communicate bad news to their customers. At worst, the slow responses could show a callous disregard for the personal information of others.
To make matters worse, Uber reportedly said that it paid hackers $100,000 to keep the breach secret.
Of course, there are valid reasons why companies wouldn’t quickly disclose breaches, such as cases where law enforcement agencies are tracking the hackers and want to continue to accumulate info that would lead to a bigger fish, so to speak.
Another reason why companies are slow in reporting hacks is that different states have particular notification processes that must be followed. Forty-eight states, D.C., Guam, the Virgin Islands and Puerto Rico all have statutes on the books related to breaches, according to the National Conference of State Legislatures website.
And there’s always the explanation that the higher-ups are always the last to know. In a statement, CEO Dara Khosrowshahi, who was appointed in August, said that he too was kept in the dark about the incident.
“I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use,” Khosrowshahi said. “The incident did not breach our corporate systems or infrastructure.”
He said that outside forensics experts haven’t found any evidence to lead them to believe that users’ trip histories, credit card numbers, Social Security numbers or dates of birth were downloaded.
The data that was accessed, though, includes the names and driver’s license numbers of around 600,000 drivers in the United States, as well as some personal information of 57 million Uber users around the world, including the drivers described above.
What to do if you’ve been exposed to a data breach
At this point, Uber is saying that it has “seen no evidence of fraud or misuse tied to the incident.” But that doesn’t mean anything going forward, as crooks may be able to take out new lines of credit in your name for the foreseeable future.
Unfortunately, consumers exposed to data breaches will have to keep safeguards in place for the rest of their lives.
Sign up for Credit Karma’s free credit and ID monitoring service
To protect your identity, money expert Clark Howard advocates signing up with Credit Karma’s free credit monitoring service.
The service not only gives you unlimited access to your credit reports anytime you need them; Credit Karma also has an identity theft service, all for free. We’ve written about how to sign up for the credit service as well as the plan to monitor your personal info for identity fraud.
The next thing you need to do is to ensure that no one else can open up an account in your name.
Freeze your credit
Clark says that to freeze your credit, you need to contact Equifax, Experian and TransUnion. See our Credit Freeze Guide, which shows you step by step how to go about freezing your credit.