Back in 2016, hackers accessed the personal data of 57 million Uber users. Instead of notifying the authorities and the public, Uber hid the evidence and paid a $100,000 ransom demand to ensure the data would be destroyed. The hackers had access to the names, email addresses, and phone numbers of customers and, even worse, to the names and driver’s license numbers of 600,000 of its U.S. drivers. The breach ended up going public in 2017, and the immediate response from the U.S. Government ranged from hefty legal fines to possible jail time for those who covered up the incident.

Now, almost a year after the breach went public, all 50 states and the District of Columbia have agreed upon a settlement, which will be divided among the states based on the number of drivers each has.

“This is one of the most egregious cases we've ever seen in terms of notification; a yearlong delay is just inexcusable. We're not going to put up with companies, Uber or any other company, completely ignoring our laws that require notification of data breaches,” claims Illinois Attorney General Lisa Madigan. She claims that Illinois' share of this settlement is $8.5 million and that drivers impacted by this breach will each receive $100.

In addition to these penalties, Uber is required to comply with state consumer protection laws safeguarding personal information and, going forward, to immediately notify authorities of any data breach. The settlement also requires the company to establish methods to protect user data stored on third-party platforms and to create strong password protection policies. There’s simply no excuse for willfully ignoring these cybersecurity best practices while relying on weak breach detection capabilities.

For organizations looking to protect against the most dangerous attacks, we suggest implementing the CIS Controls, focusing first on the Basic Controls (Controls 1-6). These controls are a must for every organization looking to prioritize the actions to take first in order to defend against today’s most dangerous attack methods. They combine key security concepts like Continuous Vulnerability Management and Change and Configuration Management into a set of actionable controls that can be used to achieve better overall cybersecurity defense.

NNT solutions alone can help you satisfy these first six controls, as well as the Foundational (CSC 7-16) and Organizational (CSC 17-20) Controls.

Read this on SecurityWeek
