
It was announced today that ride-sharing giant Uber will pay $148 million and tighten the company’s data security protections after failing to notify drivers that hackers had stolen their personal information.

Back in 2016, hackers accessed the personal data of 57 million Uber users. Instead of notifying the authorities and the public, Uber hid the evidence and paid a $100,000 ransom demand to ensure the data would be destroyed. The hackers had access to the names, email addresses, and phone numbers of customers and, even worse, the names and driver’s license numbers of 600,000 of its U.S. drivers. The breach ended up going public in 2017, and the immediate response from the U.S. Government ranged from hefty legal fines to possible jail time for those who covered up the incident.

Now, almost a year after the breach went public, a settlement has been agreed upon by all 50 states and the District of Columbia. It will be divided among the states based on the number of drivers each has.

“This is one of the most egregious cases we've ever seen in terms of notification; a yearlong delay is just inexcusable. We're not going to put up with companies, Uber or any other company, completely ignoring our laws that require notification of data breaches,” claims Illinois Attorney General Lisa Madigan. She claims that Illinois' share of this settlement is $8.5 million and that drivers impacted by this breach will each receive $100.

In addition to these penalties, Uber is required to comply with state consumer protection laws safeguarding personal information and, moving forward, to immediately notify authorities in the case of a data breach. The settlement also requires the company to establish methods to protect user data stored on third-party platforms and create strong password protection policies. There’s simply no excuse to willfully ignore these cybersecurity best practices with weak breach detection capabilities in place.

For organizations looking to protect against the most dangerous attacks, we suggest implementing the CIS Controls, focusing first on the Basic Controls (Controls 1-6). These controls are a must for every organization looking to prioritize which actions to take first to defend against today’s most dangerous attack methods. They combine key security concepts like Continuous Vulnerability Management and Change and Configuration Management into a set of actionable controls that can be used to achieve better overall cybersecurity defense.

NNT solutions alone can help you satisfy these first six controls, as well as the Foundational (CSC 7-16) and Organizational (CSC 17-20) Controls.

To learn how NNT addresses the CIS Controls, download our CIS Controls Solution Brief.

Read this on SecurityWeek

Copyright 2018, New Net Technologies LLC. All rights reserved. 