What Uber’s Latest Data Breach Means to Your Business Data Security Measures

Data breaches happen with alarming regularity. Data security should be at the top of every company’s list of priorities, no matter how big or small your organization is. In 2022 alone, there were over 4,100 publicly disclosed data breaches, resulting in the exposure of around 20 billion records.

It’s essential that you take every precaution to protect your business against potential data breaches. In fact, the recent Uber data breach is a stark reminder that no business is safe from online threats.

Person's hand holding a smartphone with the Uber logo on the screen with cars on a city street in the background.

The Uber Data Breach

Uber is no stranger to data breaches. In 2016, the ride-hailing giant experienced its first major data breach, which exposed the personal information of 57 million users. The breach occurred when hackers gained access to data stored in third-party cloud storage. It was such a massive public relations disaster that the CEO was not only fired, but was found guilty in federal court for having attempted to cover up the incident.

The latest incident occurred when an Amazon Web Services (AWS) cloud server that was being used by a third-party vendor working with Uber to provide asset management and tracking services was hacked. Following the breach, the hacker that perpetrated the attack began to post the data they stole on a well-known hacking forum.

This time around, no user information was leaked. However, a massive amount of corporate data was leaked, including the personal information of 77,000 Uber employees. This information included their full names, email addresses, work location details, as well as the serial number, make, and models of the cars being used.

Why Are Companies Like Uber So Vulnerable To Data Breaches?

Arguably, the biggest issue with companies like Uber is that they spend a lot of money and time securing access to sensitive data within their organization. While every business should certainly secure access within their organization, the problem is that they aren’t securing third-party access to their internal data with the same level of scrutiny and caution.

This is especially true with companies like Uber that employ third-party vendors to provide services such as asset management or tracking services. These third-party vendors are getting the same access as employees, but with fewer security measures to protect the data they are accessing.

Cybercriminals are well aware of this, which is why they regularly target third-party systems that will allow them to access any data in those systems even if they belong to other organizations, like Uber.

Companies can lessen the chances of this happening by prioritizing their cybersecurity measures, especially when it comes to their third-party vendors. Businesses of all sizes can map their organizational capabilities as well as security controls to potential attack scenarios. They can then measure how prepared they are to detect vulnerabilities and data breaches, prevent them, and respond to them. More importantly, if you’re providing third parties with access to your data, you need to monitor their cybersecurity measures on a regular basis to make sure they are up to par.

Take Steps To Prevent Data Breaches

Not only can a data breach destroy your reputation and harm your customers, but it can also lead to legal action if the breach involves private information. The best way to combat potential cyber threats is to develop a comprehensive cybersecurity plan and educate your employees on security best practices.

Additionally, check into any third-party vendors you may be working with to ensure they are complying with your organization’s data security policies as well.

Most businesses are not prepared for a data breach. AccuShred offers CSR Readiness Pro which includes a proactive risk self-assessment and a reactive Breach Reporting Service. Once you have identified the potential gaps in your cybersecurity measures through the self-assessment tool, you can further develop your organization’s protocols to increase your data security both on and offline.

Contact us today to learn more about how we can keep your data security measures in check.