Posted by Hongkun Ma.
On Nov. 22nd, the ride-hailing app company Uber Technologies Inc. paid hackers $100,000 to conceal an incident that Uber revealed 57 million users’ personal information like names, phone numbers and addresses around the world. 600,000 Uber drivers’ license numbers also were released.
Whether the incident violated state law is being investigated by five state attorneys general: New York, Washington, Missouri, Connecticut and Massachusetts. Forty-eight states have laws that customers have right to know a company’s data breach and will impose fines if company violates them. For Uber, the incident has been so complicated, which lost the trust of millions of customers.
The incident reflected how a data breach can trigger responses from mass of regulators and enforcement agencies, and how a private company can have flexibility to deal with this kind of things. International regulators investigated the incident right away and data protection officers from throughout the European Union announced a task-force to look into the incident. Experts indicated that Uber had more flexibility in the way it report the incident, which can be reported as a security incident, because Uber is a private company. Uber is facing crisis of confidence and it’s difficult to win back the trust of their huge numbers of customers.
Finally, I would like to give some of my opinions. Uber is a private company, which is a third party between customers and taxi drivers. In China, Uber Company is almost monopoly. When it came into China market at the very beginning, most customers were attracted by its low price, which sometimes were even free to take a taxi. Uber gained a huge customer base from the beginning. Later, customers found Uber was not as cheap as before. It became more and more expensive, sometimes was more expensive than regular taxi. The strategy actually made the company lose some of their customers, but most customers stayed. And many customers found that Uber keeps ride details in their system for so long. Some of customers received messages that contained their personal information like history location, ride history or even private residences. From my perspective, it is possible that Uber sold customers’ personal information to third-party companies which would look for visits to key locations, such as particular market, meet-up events, café and so on.
The incident of Uber Company that they concealed the cybersecurity problem really violated law from state level, and not federal. For Uber, the challenge quickly became more complicated and needed to be handled.A company’s reputation can be easily built up and destroyed. And how to win back the trust of customers is becoming a really hard task for Uber Company.
Hongkun is an accounting major at the Stillman School of Business, Seton Hall University, Class of 2019.