nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
You're such a goober, Uber: UK regulators blast hushed breach

Anonymous Coward

Make TFL argument even more valid

Well, this proves that TFL has a point.

It perfectly fits "Uber as we know it" which is orthogonal to "Fit and proper to run a public service".

So its issues are not one-off errors. They are systemic, endemic and an essential part of the business model.

Remove the "issues" and there will be no Uber. Or no successful Uber (at the very least).

56
0
Silver badge

Re: Make TFL argument even more valid

So its issues are not one-off errors.

I think the Uber experience in several other countries has already made this clear.

36
0

Re: Make TFL argument even more valid

Was a big fan of the whole idea of Uber but these guys need to be shut down now. They had their chance to show what they could do but they've failed at every opportunity given to them. Rapey drivers. Sexisim in the workplace. Devious software in their apps. Top management looking at private files of a rape victim. Top management not giving a shit about their drivers and now keeping quiet about a major data breach. Fuck em.

39
0

No way!

I find it incredibly unlikely that a company like Uber, who are a paragon of morality and ethical conduct, would do anything remotely as deceptive as this.

/sarcasm

35
0

Softbank

I cannot fathom why Softbank want to be associated with this lot. Absolute epitome of the Toxic Brand.

22
0
Bronze badge

Re: Softbank

I cannot fathom why Softbank want to be associated with this lot. Absolute epitome of the Toxic Brand.

It's worth adding they held back from releasing this information until after the Softbank investment had been completed.

23
0

Re: Softbank

Because they think they can make money from/with them ? Toxic $'s are still $'s.

4
0
Silver badge

Re: Softbank

It's not the only one they invested in they put $2b USD in grab, an Asian version of Uber.

2
0
Silver badge

Funny really...

Hail a black cab (which is a regulated environment, and has been more or less for ever) and pay cash and you have total anonymity, and are thus completely unhackable.

Such is progress... I still cannot see any half convincing argument as to why Uber would need a database of its victims passengers.

22
0
Silver badge

Re: Funny really...

The principle reason, as far as I am aware, is so that drivers can rate passengers, in the same way that passengers can rate drivers, so that drivers can avoid picking up people who are likely to be abusive, or violently ill in their car.

The amount of data required for this presumably would be pretty small (an identifier, and a set of ratings), and I wonder what other associated account data Uber actually hold (such as identifying information and billing info), as well as how much of this data they need to hold, and whether it was leaked.

The whole thing does indeed look pretty dodgy - from the fact that Uber didn't 'fess up to the breach at the time, and haven't revealed the nature of the stolen data, to the pretty amazing admission that they paid the criminals to delete the data that was stolen. I can see no way that they could verify that the crims actually did this, rather than taking the money and holding onto / selling the data.

12
0
Flame

Re: Funny really...

'I wonder what other associated account data Uber actually hold'

This is an archive of something published on Uber's corporate blog. It shows that not only do they collect data about their users, they allow people to analyse it and derive information which is none of their business. https://web.archive.org/web/20141118192805/http://blog.uber.com/ridesofglory

...and then they boast about it in their blog. Brilliant.

3
0

Will Uber Go Under?

I can't imagine their customers will support them after this.

6
0

Re: Will Uber Go Under?

Hahahahahaha. Funniest thing I've read all day.

Most of their customers won't know or even care.

Just look at how Talk Talk were largely unaffected by their data breach, or at how many people still use Uber after all the sexism, rape, assault, theft, etc cases.

38
0
Silver badge

Re: Will Uber Go Under?

@ iron: How I wish I could argue that you are writing complete bollocks; trouble is that I strongly suspect that you are completely correct.

Depressing, isn't it...

28
0
Anonymous Coward

Re: Will Uber Go Under?

My neighbours were with Talk Talk and they didn't know about the data breach until I told them, they'd also been targetted by the scammers who had gotten their information from the data breach, thankfully they were switched on and realised during the call that despite the professionalism of the the callers (they were passed on to another 'Talk Talk employee' mid-call) something didn't feel right so they hung up.

They no longer use that incompetant company.

5
0
Silver badge

Re: Will Uber Go Under?

It is a good job they released the information this year, from next spring, if they wait more than 72 hours after the breach to inform authorities and affected persons (individually), they will face fines of up to 4% of their annual turnover (EU Data Protection).

0
0

Penalties are not limited to €20 million...

"...penalties will reach an upper limit of €20 million or 4% or annual global turnover – whichever is higher."

Source: https://www.itgovernance.co.uk/dpa-and-gdpr-penalties

9
0
TRT
Silver badge

I would like to make it absolutely clear...

that Uber did not suffer a data loss event. Uber formed a strategic alliance with a data handling and penetration testing organisation, and the payment to them was a contractual obligation reflecting the level of service provided. As a result of this perfectly normal business relationship, it was not legally required for the company to disclose any breach or data loss because there was no such loss. Thank you.

Do you think they bought it? Wha...? Huh? Oh shit, the microphone's stil.... *click*

24
0

"To Uber":

1. To screw someone over and give an empty, self-serving apology;

2. To hire someone while plotting their demise at the same time (for example, with self-driving cars) and working to reduce their income (for example, with software that secretly reduces their fares).

9
0
Silver badge

Too Many Breaches....

Hi,

This seems to be symptomatic of the businesses in the UK and the rest of the world.

Uber, Equifax, Talk Talk etc., etc., etc.

Hacking/data breaches seem to be too common, and i do not see governments implementing punitive damages towards the companies.

In the UK, organisations have to comply with the Data Protection Act - and it is a twice yearly training course for everyone in the company. The training states that criminal proceedings can be taken against people etc.

Yet, nothing seems to be done, and the regularity of the breaches and no action taken, just makes any law, futile.

Regards,

Shadmeister.

7
0
Anonymous Coward

Re: Too Many Breaches....

Lets see if GPDR changes anything... the EU seem to be a lot more fighty with the likes of Google and Microsoft on other issues, I'd imagine they will be getting similarly heavy over GPDR.

But as you say, other governments on both sides of the pond have tended to let big business get away with murder so far on all sorts of matters.

Its almost as though some in the UK didn't want to come under EU scrutiny isn't it...

7
0
Silver badge
Facepalm

Re: Too Many Breaches....

> Data Protection Act ... a twice yearly training course for everyone in the company.

Really? When I was given the additional duties of Data Protection Officer to go with my tech support role, I wasn't offered any training, just given the registration forms to fill in for the hospital*. Hmm, maybe I should have been organising training for everyone else.

* I spotted that that the Act didn't stop you doing anything evil, e.g. selling patients data, as long as your Registration stated that intention.

5
0

good to see how mucn uber cares about their staff, their customers and companies that work with them. Good to see we matter. This app is good and so is my business

0
0
Silver badge

"the two employees that have been jettisoned from the firm."

Worked for VW at one time?

1
0
Silver badge

Re: "the two employees that have been jettisoned from the firm."

Not really. Billions in fines too.

0
0

Butt Uber is San Fran Happy

By Scott McKenzie:

If you're going to San Francisco

Be sure to wear some flowers in your hair

If you're going to San Francisco

You're gonna meet some gentle people there

For those who come to San Francisco

Summertime will be a love-in there

In the streets of San Francisco

Gentle people with flowers in their hair

All across the nation

Such a strange vibration

People in motion

There's a whole generation

With a new explanation

People in motion

Bend over Uber customers.............

0
2
Silver badge

How about their self driver?

With this approach to IT security, and everything else, what do we think their attitude to bugs in their self driving car software is going to be? Reassuringly trustworthy? I think not...

So I won't be getting inside one.

1
0
Anonymous Coward

Disclosure

Seems that there's no incentive for companies to actually let anyone know about incidents. Maybe the eur20m/4% of global turnover figure should be made the *minimum* fine for a non-disclosed breach.

0
0
Silver badge

US companies

... Equifax and Uber most recently, just don't care about their international responsibilities.

No-one gives them any kind of hard time in the US and seem honestly surprised that little ole UK kicks up such a fuss... still a pitance of a fine (paid out of their investor cash) and its all sorted.

In the same way as Brazil shut down Whatsapp, perhaps the UK could shut down Uber for a few days, nevermind a fine, stop their income here for a little while and they will start to pay attention, or just give up.

The idea of using an app and moving the taxi system into modern times is a good one, there is not just uber who are doing this. The government are always going on about competition so why not shake things up a bit and level the playing field (if you treat data badly, you can't play in our sandpit)... ban Uber for the next two months (missing all those Xmas taxi rides) and they will either come back cap in hand or ditch the UK altogether. Both are better outcomes than a pittance of a fine.

Since their drivers are "self-employed" they can drive for Grab or Lyft or anyone else.

1
0
Silver badge
FAIL

Brand destruction

Epic style

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing