At first glance the announcement of a data breach involving data from 57 million drivers and customers of Uber is a case of more of the same: there have been much bigger breaches over the last few years. However, the revelation that the company didn’t acknowledge the breach for a year, opting instead to pay a ransom to hackers, makes the story of real interest. Here in the UK, the Information Commissioner’s Office has expressed “huge concerns” about this lack of openness; and there has been an angry backlash from those who may have been affected by the breach and are now wondering what has happened to their personal data over the last 12 months. The decision to pay a ransom is particularly hard to fathom, and potentially the most damaging aspect, escalating the discussion beyond information security into a debate about the ethics and judgement of the firm’s senior management. We shall follow this story with interest…..
Uber Admits Data Breach a Year Afterwards
Share the Post:
Helen Molyneux is the founder and director of Cambridge Risk Solutions. A certified Lead Auditor for ISO 22301 and ISO 27001, she has spent nearly two decades helping organisations across the public and private sectors build genuine resilience — not just documented compliance. She writes from practice, not theory.