Uber agreed to pay $148 million to resolve lawsuits stemming from the company's cover-up of a data breach in 2016, in which hackers obtained personal information from around 25 million users and drivers in the United States. The firm was hacked, and hackers targeted data held in a cloud infrastructure owned and managed by a third-party supplier. This put the firm in danger in several ways according to Chappell (2018).
The third party received extensive control over the data from the corporation. The cloud provider was responsible for determining the optimal infrastructure for data protection and carrying out maintenance operations to maintain data security. As a result, they were left in the dark about what the cloud provider did and did not do regarding security best practices. The organization lacked the visibility necessary to keep the data completely safe.
The company would have decided that the data storage would not be on the third party's side. They should have tried a different strategy in which the cloud provider only provides computing power while they store the data in their own managed infrastructure. Companies should use a VPN to protect themselves from hackers. This would have enabled them to apply essential restrictions to the data repositories, ensuring that data was more secure than if it had been stored on a third party's infrastructure.
It is evident that such information concealment violates the transparency principle that the corporation should have applied to us, their consumers. This makes me feel unsafe since the data I have already submitted to the firm might be sold on the dark web, even though I trust the company. As seen by Uber's 2016 breach response, the complexity of determining a corporation's breach notification duties is no protection to corporate officials who purposefully conceal a breach.
Login to join the discussion