Following Uber's recent disclosure that it suffered a major data breach in 2016 and paid hackers to keep it under wraps, the UK Information Commissioner's Office (ICO) has announced the launch of its investigation into the incident.
GCHQ's National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) will also be looking into the breach that exposed the personal data of 50 million Uber riders and drivers with a spokesperson for the government agency highlighting the severity of the breach and its subsequent cover-up, saying:
“Companies should always report any cyber attacks to the NCSC immediately. The more information a company shares in a timely manner, the better able we are to support them and prevent others falling victim. We are working closely with other agencies including the NCA and ICO to investigate how this breach has affected people in the UK and advise on appropriate mitigation measures.”
While no financial details appear to have been compromised in the breach, the fact that Uber tried to conceal its details to its customers, employees and especially the authorities raises a great deal of concern regarding the company's ethics and how it manages sensitive data.
The ride-sharing company will likely be fined for failing to disclose the breach but it could also face legal claims from the riders and drivers affected by it.
Hopefully other organisations will learn from Uber's mistakes and report any data breach that occurs in the future in a prompt and timely manner.
Image Credit: Freestocks.org / Pexels