When you hitch an Uber ride to a bar or a restaurant, you can never be sure where your data will end up. Tens of millions of Australians found that out the hard way, when their credentials fell into the hands of hackers.
In 2017 it was discovered that hackers had stolen data from 57 million Uber customers around the world. 1.2 millions of these users were Australian citizens.
Hackers used employees' usernames and passwords from previous breaches to access their GitHub repository. This allowed them to reach the account records of users and drivers. Uber paid a ransom of $100,000 to hackers, on the condition that they delete the stolen info. Moreover, Uber concealed the facts of the case and didn’t warn its users about the breach for almost a year.
Uber was fined over the incident back in 2018. Now, following further deliberations, the Australian Privacy Commissioner has issued a brutal condemnation of Uber's shortcomings in the case. They've accused the company of failing to take proper preventative measures to protect the personal data of Australian citizens, and of breaching Australia’s Privacy Act of 1988.
In response, Uber stated that it had learned from its mistakes. Going forward, the company promised to improve its security, as well as creating a proper data retention and destruction policy.
This wasn’t an isolated incident, sadly. Uber’s record is patchy when it comes to data management:
The Australian case is nothing extraordinary; there have been many data breaches in the past. It just proves once again that large corporations don’t always protect your data.
The fact that the company is large and profitable doesn’t automatically mean that it undertakes proper security measures. So, instead of trusting others, make sure to protect yourself properly. Here are some tips:
Want to read more like this?
Get the latest news and tips from NordVPN
We value your privacy