Uber’s Security Breach In 2016, Also Affected Colombia. Possible Fine Imminent
Uber is a startup that changed how we treat ride-sharing and taxi service forever, a commendable achievement for a company that is new in the transportation industry. However, as we have witnessed and we continue to report here in Hackercombat.com, Uber has its fair share of cybersecurity issues and IT issues in general. September 28, 2018, when we reported that Uber is set to pay $148 million in fines due to the 2016 security breach in their system. A month later, on October 26, 2018, we reported about the indictment of the alleged two hackers behind the Uber hack. The next month, November 29, 2018, fines imposed by the UK and Dutch governments against Uber for 1.1 million each.
As Uber does not employ the ride-sharing drivers, data security cannot be fully realized and data breaches have many opportunities to happen. These drivers also hold their customers’ data on their own personal devices and this fact creates a wide attack surface for cybercriminals to operate. Aside from the UK and the Netherlands, other countries where Uber operates are starting to question the cybersecurity readiness of the ride-sharing company. Colombia, for example, has announced an ultimatum for Uber, four months to improve the security of their service.
This came from the fact that the 2016 hacking incident also affected 267,000 Colombian customers. The earlier $148 million fine was for U.S. customers only, and according to the result conducted by the Colombian government. Uber’s operation in the country is considered illegal. Ride-sharing is not legally franchised in Colombia, hence Uber’s business in the country is considered an underground operation though many Colombians are patronizing the business due to convenience.
The Colombian Superintendency of Industry and Commerce provided the timeline of 4 months, the said government agency highlights the need for Uber to show evidence that information of customers cannot be accessed by non-authorized users. As a reply, Uber made a commitment to thoroughly review their protocols and development of system-specific only to Colombia in order to increase security and reach an acceptable level of privacy.
The Colombian government itself reiterated that no government agency will be the certification authority with regard to determining if Uber will comply with its commitment. That job will be delegated to an independent 3rd party. Improvement of process, the entire security program will be good for the next 5 years. Improvements of the protocols are underway with a renewed vigor to deliver what Uber promised to the Colombian government.
“(We will) implemented various technological improvements to the security of our systems. We have also implemented significant changes in our corporate structure, to ensure the respective transparency in front of regulators and users in the future,” explained Uber Colombia.
Hopefully, with these hinted improvements, data security will reach a safer level, closing the loopholes in Uber’s system to finally prevent a data breach in the foreseeable future. Uber Colombia announced that it is ready to spend $40 million for the next five years to improve customer-Uber relations, especially security the personally identifiable information that customers entrusted to the ride-sharing company.