57 million individuals' data stolen and technology company held to ransom

Synopsis

In November 2017, (new) CEO Dara Khosrowshahi disclosed a cyber attack suffered by the company in October 2016 which breached the personal information of 57 million customers and drivers. Khosrowshahi said "none of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes". For background, the company's former CEO had resigned in June 2017 due to the 'toxic' corporate culture he had overseen.

As part of the company's disclosure they revealed that the hackers responsible had been paid $100,000 to delete the data and keep the breach quiet. Subsequently, the company were accused of concealing the breach and criticised for failing to notify the individuals affected and regulators. In the fallout during 2017, two employees responsible for the 2016 incident response were fired by Khosrowshahi.

The company agreed to pay a $148 million settlement for the breach in September 2018 and later that same year, several European data protection agencies imposed fines also related to this breach.

The company entered into a non-prosecution agreement with the Federal Trade Commission (FTC) in July 2022 and officially accepted responsibility for hiding the data breach. They also agreed to cooperate in the prosecution of their former chief security officer charged with obstruction of justice for trying to hide the data breach from the FTC.

In October 2022, the company's former chief information security officer was convicted of federal charges for hiding this breach in what WIRED described as "a rare criminal consequence for an executive’s handling of a hack".

Free consultation

Want to discuss this case? We're offering a FREE 20 minute phone consultation with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:

Companies

  • Uber Technologies Inc.

We've done the analysis so you can make the decisions

$489.99
When purchasing a minimum of 5 Case Studies
$699.99 if buying less than 5.

  • Detailed cause & effect analysis
  • Lessons learnt catalogued
  • Preventive controls extracted
Add to Cart
Heads up! Want to try before you buy? You can download our FREE demo case study here