In late 2016, a major breach incident occurred in the Uber system whereby sensitive personal identification details stolen. Notably, the breach executed by two hackers who hacked and exposed driving licenses and other information of 600,000 drivers, and also 57 million users of Uber app affected with their names, email address and mobile contacts disclosed. Even though an investigation showed that hackers did not manage to disclose credit cards and social security numbers, UberAWS account hacked too, and username and passwords were stolen. The management did not notify the affected people and the public of the breach for about one year; this further exposed the victims to more risk of fraud. Again the Uber management did not alert security agencies as required to conduct a thorough investigation of the incident. The administration finally negotiated with hackers and paid a huge amount of money for hackers to destroy the data stolen, something that Uber could not verify whether the data was destroyed. The breach potentially affected stake transaction Uber did with Softbank.
The event at Uber closely relates to CLO ethical issues and management of e-business security issues because of Uber in an established global firm that offers transport services. The firm, therefore, has an online system “Uber app” that customers use thus customer and driver private data stored in the system. The company failed to institute robust security measures for the information stored in their system. Username and password should not be stored in the same site for obvious reasons. As a manager, I would use the incident as a lesson to ensure a system safety through creating of cybersecurity policy for an organization. A cpolicy defines who should be held responsible and the mitigation measures implemented. For example in a healthy organization, patient information should be protected whereby all nurses and doctors in charge sign an information security policy and consequences of exposure. Again, in case of exposure, the manager should be notified immediately to mitigate the damage caused.
Singh, T. (2012). Emerging Challenges to Cyber Security-Internet Monitoring with Specific reference to National Security. International Journal Of Scientific Research, 1(2), 129-131. http://dx.doi.org/10.15373/22778179/jul2012/44