Uber has released information about the data breach that occurred last year, first reported by Bloomberg News in late November. In October 2016, hackers illegally accessed e-mail addresses and phone numbers as well as the license numbers of about 600,000 drivers. Ultimately, the information of over 57 million users was compromised. According to Forbes, as well as a blog post by Uber CEO Dara Khosrowshahi, Uber officials were aware of the hack but neglected to inform the public.
Also in November, the company admitted to paying the hackers US$100,000 (CAD$125,000) to destroy the compromised data and keep quiet about the breach. After being contacted by the hackers, Uber urged them to join the company’s “bug bounty” program—a program that pays individuals to find flaws in the company’s software. The hackers agreed to join the company and Uber asserts that the stolen information has been destroyed.
Khosrowshahi has stated that discovery of the company’s cover-up resulted in the termination of two employees who led Uber’s response to the hack. The company’s Chief Security Officer, Joe Sullivan, and a deputy, Craig Clark, have been fired for their role in handling the incident. Sullivan, formerly the top security official at Facebook and a federal prosecutor, served as both Security Chief and Deputy General Counsel for Uber. While Khosrowshahi has stated that he only recently learned of the hack, others close to the company claim he knew about it since becoming CEO.
Despite its string of scandals, Uber remains the world’s largest ride-hailing service. The company has a history of failing to protect account data; in 2014, hackers also stole data about Uber drivers. Consumers as well as business experts have stated that such a lack of data security, coupled with issues of workplace sexual harassment, drivers with criminal records, and other past infractions, may be enough for users to delete the app. In the past, although riders have left the service, the company has been able to make it through these scandals.
However, all these problems have seriously damaged Uber’s reputation. Robert Passikoff, President of Brand Keys Inc., a New York-based customer research firm, polled consumers and found that in 2015, Lyft surpassed Uber as the most trusted ride-hailing brand. Trust in Uber has been eroding ever since, and the company needs to take action towards protecting data in order to gain consumer confidence.
With multiple scandals in the past, the company needs to rebuild its brand in a positive light. In the wake of this latest scandal, numerous government investigations have been initiated. Authorities in Britain and the United States, two of Uber’s top markets, as well as Australia and the Philippines, said that they would investigate the company’s response to the data breach. British law carries a maximum penalty of £500,000 (CAD$850,000) for failing to notify users and regulators when data breaches occur.
Where technology companies always face the danger of being hacked, the future of Uber is uncertain. While the hack itself was of concern, what is more alarming is how the company chose to handle the incident. While Khosrowshahi has acknowledged that it was not dealt with properly, only time will tell how or if the company will be penalized.
Uber has changed the way individuals look at taxi or ride-hailing services. It went against the norms of taxi services and was able to build a large consumer base. Consumer loyalty, however, can erode quickly, especially when the company has not taken adequate steps to protect private information. To maintain market share, Uber will need to invest more heavily in data protection, which will aid in building a more positive reputation moving forward.