An estimated 57 million customers and drivers had their personal data stolen by hackers last year in a cyber attack kept under wraps by the private taxi company Uber.
Uber’s Chief Executive, Dara Khosrowskahi, acknowledged yesterday (Tuesday 21 November 2017) that the company had failed to notify regulators and affected individuals and confirmed that it had paid the hackers $100,000 to delete the data and keep the breach hidden.
Mr Khosrowskahi said: “In late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use.”
The individuals were able to download files containing a significant amount of other information, including the names and driving license numbers of around 600,000 drivers in the United States, and the names, phone numbers and email addresses of approximately 57 million Uber users around the world. However, the company declined to notify US regulators or any of those affected by the hack.
The company paid a ransom and only spoke out about the cyber attack after news outlets in the US uncovered the breach. In an extraordinary admission, Mr Khosrowskahi said that whilst Uber had taken immediate steps to secure the data and shut down further unauthorized access by the individuals, the subsequent cover up “should never have happened”.
This latest high-profile hack comes as two individuals in the UK were sentenced to prison terms at the end of last week, in relation to a conspiracy to defraud that saw the pair target law firms, sports clubs and village halls. They are thought to have obtained up to £300,000 in payments, which were made in response to bogus emails sent to the victims in which the fraudsters pretended to be finance directors.
Matt Wigg, of the Met Police’s operation FALCON fraud team, said that “many of the victims linked to this case were tricked into sending money to criminals’ accounts after they were sent a spoof email with change of payment details.”
Both events come amid a continuing rise in online fraud and cyber crime, which is estimated to cost the UK economy £193 million a year.
At Blaser Mills, we have both criminal and commercial experience in this area and often advise on international cases involving cross-jurisdictional issues. We have recently defended complex fraud cases brought by the Met FALCON unit as well providing commercial advice on cyber crime related issues and data security.
Our Financial and Business Crime team will shortly be publishing a useful Online Fraud and Cyber Crime guide and toolkit for businesses, with practical advice on how to avoid falling victim to fraud. The .pdf resources will be available to download free via the Insight section on our website.
Many of our Insight publications are available in hard copy; to request a hard copy of these publications, or to be added to our mailing list for future legal insight and market intelligence, email us on firstname.lastname@example.org