Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Uber CEO Knew of Hack for Months (wsj.com)

Posted by msmash on from the horror-at-every-corner dept.

Greg Bensinger and Robert McMillan, reporting for the WSJ: While the massive data breach at Uber didn't happen under the watch of its new chief executive, more than two months elapsed before he notified affected customers and drivers of the incident (Editor's note: the link may be paywalled), people familiar with the matter said. CEO Dara Khosrowshahi learned of the breach, which Uber said happened in October 2016 and affected some 57 million accounts, about two weeks after he officially took the helm on Sept. 5, one of the people said. Mr. Khosrowshahi said he immediately ordered an investigation, which he wanted to complete before making the matter public. About three weeks ago, though, Uber disclosed the investigation and the broad outlines of the breach to SoftBank, which is considering a multibillion-dollar investment in the ride-hailing company, according to other people familiar with the matter. Uber officials, including its chief security officer, knew at the time of the breach that personal information had been accessed. Uber only informed customers and drivers on Tuesday.

3 of 27 comments (clear)

  1. Uber launched a new investigation today by phantomfive · · Score: 5, Funny

    Uber today has announced a new internal company investigation, to discover which part of their company is not operating illegally and unethically.

    "There must be something in there that's good, we intend to find it" said CEO Dara Khosrowshahi, "I mean, even Stalin wasn't pure evil, his mustache was downright luscious."

    Laughter from Andreesen Horowitz was heard to inexplicably ring out all across downtown Palo Alto. Stalin could not be reached for his comment. His grandaughter was too busy wielding firearms, and didn't care.

    --
    "First they came for the slanderers and i said nothing."
  2. Obligation to notify? by JaredOfEuropa · · Score: 2

    Isn't there any obligation on the part of the company responsible for storing this data (i.e. Uber)? In the Netherlands (and from 2018 in all of Europe), companies must report large scale data breaches to the relevant national authorities within 72 hours or they are subject to serious fines. In addition, if the data breach is likely to have an impact on personal privacy, the affected individuals must be informed "without undue delay".

    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
  3. Consistency by namgge · · Score: 2

    For several years I've found it useful, when wondering what the most immoral approach to any business issue is, to ask "What would Uber do?".

    It's reassuring to learn that this rule-of-thumb works as well for data protection as it does in so many other areas (employment practices, tax avoidance, setting fares, etc.)