What Your Business Can Learn From Uber

What Your Business Can Learn From Uber's Mass Security Breach

It seems that Uber is still learning from its mistakes, even as it continues to grow at a rapid rate. But for other companies, the security breach provides a few key lessons.

  • By Matthew Walker Jones
  • Jan 08, 2018

Uber is certainly no stranger to controversy. In its relatively short existence, the company has faced protests, regulatory hurdles and been accused of implementing unfair competitive practices. Uber would no doubt argue that some of these incidents are simply part and parcel of being an industry disruptor. When a new player comes along, existing businesses will always try to maintain the status quo.

However, the company’s most recent scandal is anything but expected. Back in October 2016, Uber was hit by a huge cyberattack that resulted in personal information belonging to 57 million drivers and customers being stolen. Worse still, the data breach was only disclosed in November 2018, with Uber paying the hackers $100,000 to keep quiet.

It seems that Uber is still learning from its mistakes, even as it continues to grow at a rapid rate. But for other companies, the security breach provides a few key lessons. So, here are some essential things that your business can learn from the breach.

It can happen to anyone

One thing that is abundantly clear regarding the recent data breach, is that cyberattacks can affect businesses of all sizes. Uber has a $70 billion valuation and has received countless plaudits for the way that it has revolutionised the taxi industry. In fact, the company has become synonymous with disruption through the term “Uberisation.” If Uber can become the victim of a cyberattack, with its immense financial clout, then companies of all sizes are also vulnerable.

Choose your partners carefully

Looking at the Uber breach more closely, it has been confirmed that the stolen data was accessed via a third-party cloud-based service that the company was using at the time. This demonstrates why businesses should be extremely careful when choosing their partners, particularly when they are entrusting them with sensitive data.

Having said that, businesses should not view the breach as definitive evidence that they should store all of their data and manage all of their processes in-house. Working with a respected and experienced cloud provider can help prevent and mitigate the damage caused by cyberattacks.  Sungard AS provides disaster recovery as a service, for example, that can help to identify security flaws, replicate important data and establish a clear communication plan for your employees.

 

Your reaction is important

Uber also demonstrated to businesses in all industries exactly how not to react when suffering a data breach. The company waited more than a year before informing the affected parties that their data had been compromised, meaning that they had no idea that their information was in the hands of malicious actors. What’s more, by attempting to cover up the breach, Uber showed that it cared more about its own reputation than the security of its customers.

 

Now the breach is public, Uber also has to be more forthcoming regarding what customers should do next. The company should make it abundantly clear which official channels customers should use to change log-in details and help them to recognise the phishing emails that have already started to emerge. Sometimes, data breaches are difficult to prevent. Reacting appropriately, however, will go a long way to showing customers, clients and partners that your company takes security seriously.

About the Author

Matthew Walker Jones is a freelance writer in the security industry.

Featured

  • TSA Introduces New $45 Fee Option for Travelers Without REAL ID Starting February 1

    The Transportation Security Administration (TSA) announced today that it will refer all passengers who do not present an acceptable form of ID and still want to fly an option to pay a $45 fee to use a modernized alternative identity verification system, TSA Confirm.ID, to establish identity at security checkpoints beginning on February 1, 2026. Read Now

  • The Evolution of IP Camera Intelligence

    As the 30th anniversary of the IP camera approaches in 2026, it is worth reflecting on how far we have come. The first network camera, launched in 1996, delivered one frame every 17 seconds—not impressive by today’s standards, but groundbreaking at the time. It did something that no analog system could: transmit video over a standard IP network. Read Now

  • From Surveillance to Intelligence

    Years ago, it would have been significantly more expensive to run an analytic like that — requiring a custom-built solution with burdensome infrastructure demands — but modern edge devices have made it accessible to everyone. It also saves time, which is a critical factor if a missing child is involved. Video compression technology has played a critical role as well. Over the years, significant advancements have been made in video coding standards — including H.263, MPEG formats, and H.264—alongside compression optimization technologies developed by IP video manufacturers to improve efficiency without sacrificing quality. The open-source AV1 codec developed by the Alliance for Open Media—a consortium including Google, Netflix, Microsoft, Amazon and others — is already the preferred decoder for cloud-based applications, and is quickly becoming the standard for video compression of all types. Read Now

  • Cost: Reactive vs. Proactive Security

    Security breaches often happen despite the availability of tools to prevent them. To combat this problem, the industry is shifting from reactive correction to proactive protection. This article will examine why so many security leaders have realized they must “lead before the breach” – not after. Read Now

  • Achieving Clear Audio

    In today’s ever-changing world of security and risk management, effective communication via an intercom and door entry communication system is a critical communication tool to keep a facility’s staff, visitors and vendors safe. Read Now

Most   Popular

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities