Ride-share giant Uber announced in late February that it had identified a point of entry accessible by unauthorized users in one of its databases. After investigating further it was revealed that an unidentified third party had managed to infiltrate the company’s network on May 13, 2014, compromising employee names and drivers license numbers.
“We discovered in September that information allowing someone to access the database had been available without intended access restrictions,” read a notification from Uber to its drivers. “We immediately ensured that the database was no longer accessible using that information and have taken additional safety measures to protect your information.”
According to Katherine Tassie, Uber’s managing counsel of data privacy, approximately 50,000 drivers in multiple states were impacted by the breach. So far the company has received no reports of identity theft or fraudulent activity, but that may change in the days to come. While the event was disclosed only recently, it occurred in May of last year and Uber officials initially discovered the breach in September 2014. The large amount of lag time between the discovery and the announcement is troublesome to some industry experts.
Insufficient security becoming a bigger enterprise hazard
The timing of the revelation isn’t helpful to the company, either, as it is currently under intense scrutiny from investors, consumers and regulators. Uber is fighting off competing ride service Lyft while attempting to branch into a wider variety of markets in the Asia Pacific and European regions. At the same time, Uber is making a large push for fundraising to support these efforts, and investors likely won’t be keen on giving money to a company that just announced it has weak cybersecurity and didn’t announce it for months after finding out.
As evidenced by the dramatic increase in data breaches in 2014 and the first few months of 2015, enterprises are beginning to experience much greater threats to their security than ever before, and it can be costly to the business. Between fines for failing to meet compliance requirements, lawsuits from employees affected in the breach and a loss of customer loyalty, suffering a malicious intrusion can have lasting consequences.
In order to protect against such an event, companies need to implement reliable security solutions. Anti-Virus software from Faronics allows organizations to protect against malicious actors by employing multiple defense techniques, including firewalls, anti-rootkit, anti-spyware and Web filtering. Large scale attacks are only going to become more common, so utilizing a layered security approach that offers defense solutions for multiple endpoints is the most reliable way for organizations to protect their valuable data.