Risk Management and Legal Issues: A Case Study of the Uber Data Breach


Added on  2023/06/03

Essay
AI Summary
This essay discusses the Uber data breach, affecting 57 million users, and the company's delayed disclosure. It highlights the accessed data, including driver's license numbers and user's personal information, and Uber's subsequent actions, such as paying the hackers. The essay argues that timely disclosure was crucial for affected individuals to mitigate potential damage. It suggests that proper planning, security assessments, and robust security measures like firewalls and anti-malware software could have prevented or better managed the breach. The essay also references Australian data breach notification laws and advocates for similar implementations to protect personal data and ensure transparency.
Running Head: RISK MANAGEMENT 0
Risk Management
Computer security Risk Management and legal issues
Student Details:
10/18/2018
Risk Management and Legal issues
This discussion covers the essential risk management and legal issues related to the Uber data breach, one of the huge data breaches in the world. Timely disclosure of a data breach is essential to the consumers and other persons whose personal data is breached. A data breach is the loss, leak or theft of personal information held by an organisation through unauthorised means [1]. Thus, if a data breach involves the personal data of any individual, it must be announced on time so that serious damage to the affected individuals can be minimized.
In this context, Uber, the ride-sharing firm, covered up a huge data breach that affected 57 million drivers and customers, which the company has confirmed. In late 2016, two hackers unethically accessed Uber users' and drivers' data, which was stored on a third-party cloud-based service used by the company [2]. The individuals obtained the information by downloading data files holding personal information, as follows:
Data of Drivers: Driver's license numbers, with names, of more than 600,000 drivers in the United States.
Data of Riders: Personal information, including the name, email ID and mobile number, of around 57 million Uber users all over the world, including the above-mentioned number of drivers [3].
After the breach, Uber did not disclose details of the breach, and it is still unknown which nations were affected. Still, according to Bloomberg's report, the two hackers also accessed Uber's log-in details for Amazon Web Services (referred to as AWS), a cloud computing data storage service used by companies.
After the hack, Uber took immediate steps to protect the remaining data and close off any further unauthorized access. Uber also identified the hackers and paid them $100,000 to delete the data that was downloaded during the breach [3]. After this big hack, Uber adopted high security measures to confine access to its cloud-based storage data. Yet disclosure or notification to the consumers and drivers whose data was breached should have been made on time, rather than concealing the breach information in order to manage the company's reputation. Those individuals could then have taken essential steps to reduce the damage caused by the data breach.
In order to handle the breach better, proper planning and security assessments must be carried out. As the hack could not be stopped even with high data security, it should not have been covered up by Uber. Companies are required to disclose details of a data breach to the regulators, as it has occurred due to the company's own administration and management failures [2]. Additionally, disclosure benefits those customers and users whose data is stolen. Moreover, in response to recent data breach cases, the Australian Government took an initiative to prevent losses of personal information and money. Under this step, organizations must notify the Office of the Australian Information Commissioner and all persons who will be affected when personal data is leaked or stolen. Hence, the same kind of laws and rules should also be implemented in Canada for data breach prevention.
According to computer security and risk management guidelines, the Uber data breach could have been prevented if the threat controls that ensure the security of the firm's computer systems had been applied correctly. Moreover, there are many control measures that can be adopted to detect, prevent and correct threats to an organization's online systems [4]. If Uber had had proper data security and protection measures, anti-malware and antivirus software, and, most importantly, a licensed, strong firewall system to prevent unauthorized access to the company network, then the data breach could have been prevented or handled in a better way.
References
[1] Ariel Bogle. (2018) Data breaches: If a company has lost your personal info, they now have to tell you. [Online]. https://www.abc.net.au/news/science/2018-02-22/-companies-must-inform-consumers-of-data-breaches/9462170
[2] Dara Khosrowshahi. (2017) 2016 Data Security Incident. [Online]. https://www.uber.com/newsroom/2016-data-incident/
[3] Dave Lee. (2017) Uber concealed huge data breach. [Online]. https://www.bbc.co.uk/news/amp/technology-42075306
[4] K.E. Picanso, "Protecting information security under a uniform data breach notification law," Fordham L. Rev., p. 355, 2008.