7 April 2023
Scanning the headlines recently, I came across the headline “Uber suffers another data breach…” A quick search for Uber breach related news leads me to several articles. Each article portrays things slightly differently. For example, the same story has a headline that reads, “Breach Roundup: Uber, Nebu and Oakland, California” , “Uber driver info stolen yet again..” and just one article that leads with, “Law Firm for Uber Loses Drivers’ Data to Hackers in Yet Another Breach.”
There were several more articles but most of what came up in the feed mentioned Uber and data breach as if it was Uber’s responsibility. It was Uber’s responsibility since the law firm that was reportedly retained by Uber, Genova Burns, is a third party for Uber Technologies Inc.
What really stands out to me is:
- Exposure was limited – this reportedly affected 10 residents of Maine https://apps.web.maine.gov/online/aeviewer/ME/40/7727ef33-24df-4686-97d0-7c3fb6d3cc22.shtml
- The news headlines piled on and assigned the breach to Uber in the Court of Public Opinion
- 10 records is far below the threshold for many companies when it comes to risk management. But is that a good idea? Is the reputational damage suffered also below the threshold that should be looked at?
- Lawfirms – I’m told they should have better security since they deal in sensitive personal data day and day out. But are they playing the odds with your data? Is there room in the legal industry for information security improvement that’s also cost effective?
- Uber Technologies Inc is maintaining the norm where a company that gets breached is far more likely to get breached again in a short time. https://www.zdnet.com/article/got-hit-by-a-cyber-attack-hackers-will-probably-come-after-you-again-within-a-year/
You can read the articles here:
https://www.bankinfosecurity.com/breach-roundup-uber-nebu-oakland-california-a-21640
https://www.darkreading.com/attacks-breaches/law-firm-uber-loses-drivers-data-hackers-breach