11.29.2017

Why Uber’s flaunting of disclosure laws should ignite security regulations

The Last WatchDog, November 27, 2017; article by Byron V. Acohido, comments by Willy Leichter

Uber’s choice to come clean about its breach cover-up right before Thanksgiving didn’t keep the news from getting attention before the holiday or after. Its decision to bribe the hackers, and to trust that doing so would ensure the stolen data was deleted, was beyond brazen and difficult to fathom.

Willy Leichter, vice president of marketing at Virsec Systems, a supplier of application security systems, points out, “The $100,000 Uber coughed up was not, by any means, a classic ransomware payoff. Instead it was more of an attempt to pay hush money to keep a breach secret. Uber’s actions seem particularly naïve and desperate. Accepting a hacker’s assurance that stolen data will be destroyed is both stupid and illegal.”

Ensuring that companies avoid such pitfalls is one reason 48 of 50 states have breach notification laws.

“Breach notification laws are clear and specific – any exposure of private customer data must be reported,” Leichter noted.
