CASE STUDY: UBER ANNOUNCES NEW DATA BREACH AFFECTING 57 MILLION RIDERS AND DRIVERS

INTRODUCTION

What is the write-up all about?

Uber is a ride-hailing firm that developed an Uber Mobile App, which can be downloaded from
Apple's App Store or Google's Play Store, that allows users of the platform to request a trip and
automatically sends your location to an Uber driver nearby. The Uber app is not just famous for
providing rides. However, it also offers delivery services, allowing users to ship and receive packages, or
a user can also request delivery food from their favorite restaurant via Uber. The app collects
information to create an account for new users, such as email addresses and phone numbers for rides to
use the app. The information you provided will help to locate the whereabouts, identify, and contact the
customer while becoming an uber driver, the person must provide a copy of their driver's license and
other required documents. In 2015, Uber is increasing popularity in the United States, with 327,000
active drivers on the road, more than double the number of 160,000 giving trips in December 2014
(Carson, 2015). According to Bloomberg News, Uber Technologies Incorporated disclosed that hackers
obtained the personal information of around 57 million riders and drivers. The news outlet also reported
that the company executives initially paid the hackers $100,000 to erase the data and keep the data
breach quiet for more than a year, which was discovered in 2016 (Norton, 2021).

What technology-related issue/s is/are apparent?

Poor data security (Privacy Issues)

According to Mr. Dara Khosrowshahi, Uber's Chief Executive Officer, stated in a news release on
Uber's website that there were two individuals who did not work for the company gained access to the
data on a third-party cloud-based service that Uber operates. The stolen data included the names and
driver's license numbers of approximately 600,000 drivers in the United States. Aside from driver's
license numbers, the names, e-mail addresses, and mobile phone numbers of all 57 million Uber riders
and drivers were infiltrated. The firm stated that according to the forensics expert that the numbers of
the Uber users bank account, social security, credit cards as well as its trip location history and dates of
birth were not downloaded by the hackers. The Uber declared for Uber riders, upon inspecting there is
no evidence of fraud or misuse tied to the incident and there is no need to take action, the firm also
added that they are handling the affected accounts and flagged them for additional fraud protection.
 STATEMENT OF THE PROBLEM

What possible impacts or problems may arise in conjunction with the data breach?

With stolen data from Uber riders and drivers, identity theft may occur, which can be used in a phishing
attack to mislead customers into providing personal information such as account credentials or credit
card information. Since the Uber app has users' data of their location and identity, if cyber criminals
obtained the trip histories and other sensitive information of the user, it would threaten the individual's
safety; they could be targeted for house break-ins or attacks at any time of the day. A data breach in
Uber may jeopardize the firm's financial data, financial bottom line, reputation, and information records;
the company may also face long-term effects, such as loss of consumers' trust, if not addressed
promptly.

SOLUTIONS

How can Uber Technologies, Inc. and other similar businesses prevent such from happening again?
What measures can you recommend?

1. Train and Educate Employees for Security Awareness

When developing data privacy and security rules for a company, it is necessary to teach and educate
staff for the security policies to be implemented appropriately.

These are the security policies that employees need to be knowledgeable of:

 Establish a data policy outlining how personnel should manage, delete, retrieve, and transmit data.
 Creating unique passwords on computers and other devices that are used for work.
 Develop a documented system for departing employees and third-party users/contractors
(passwords, key cards, laptop access, etc.)
 Train the staff to report immediately suspicious data security leakage or data security breaches

2. Limit access of company’s data.

When most employees have access to crucial data, a corporation is endangered. Suppose
thousands of employees can log into a system that holds personal information about the company, its
employees, partners, etc. In that case, there is a greater risk of a data breach in the organization, which
could be a weak link in the chain. The risk of data breaching can be reduced if the organization limits
worker access and assigns only authorized personnel to view critical information.

3. Monitor and Enhance General Security

A company can build firewalls, Virtual Private Networks (VPN), traffic monitoring and restriction,
and security update is a big step to make a difference in the company’s data security. The data security
management should also check and evaluate third parties carefully to lessen the chance of threat to the
company.
4. Create a Cyber Breach Recovery Plan

A preparedness strategy recovery plan will allow the employers and employees to take an action
immediately for potential consequences of data breach to reduce the lost productivity and unfavorable
publicity. The employers should not hide the truth to employees when a data breach occur to take an
action immediately.

CONSIDERING THIS SCENARIO, WOULD YOU CONSIDER TECHNOLOGICAL DEVELOPMENTS AS

ADVANTAGEOUS? WHY OR WHY NOT? JUSTIFY YOUR RESPONSES

Yes, I believe that the technological development as advantageous. A modern problem requires a
modern solution, with the data breach that happened in the Uber Inc. the use of our information
technology expert can address the issue easily by enhancing the company’s data security by creating
firewall and encryption. The modernization of the technological development is advantageous in a
business since it has a lot of benefits such as:

 Increases Operational Efficiency

One of the most significant benefits of information technology in a business is operational
efficiency, which implies that resources such as inventory, people, equipment, money, and so on
will be optimized, and the value of the resources will be maximized, thus improving the
company's workflow.

 Monitor security threats

You can utilize information technology to identify and assess potential security threats that may
harm the organization. It can also encompass external dangers such as data leaking, cybercrime,
and cyberterrorism. A company can monitor security requirements such as data integrity,
security tracking, system activity recording, and so on. These security measures, if implemented,
will help the company in protecting their privacy.

 Productivity and Automation

The adaption of technology solutions will overall productivity of the company with the
availability of high-speed internet and automation software enable the users for better handling
the tasks. It can also enhance the digital presence and engagement of your customers with the
use of the automation tools. With the availability of high-speed internet and automation
software, the use of technology solutions will increase the company's total productivity. It can
also improve your clients' digital presence and engagement by utilizing automated solutions.
 CASE STUDY: POSSIBLE DATA BREACH AT ORBITZ AFFECTS 880,000 PAYMENT

CARDS INTRODUCTION

What is the write-up all about?

The Orbitz.com is one of the biggest names in online travel agency (OTA), it is a travel website and travel
metasearch where a user can book flights, hotel and many more. The travel website is established
through a partnership of major online that is owned by Orbitz Worldwide Inc, a subsidiary of the Expedia
Group. In March 1, 2018, the Orbitz.com has been found with signs of a major data breach that may
have exposed 880,000 customer credit card records such as names, payment card information, dates of
birth, phone numbers, email addresses, billing addresses, and gender.

In between January 1 and June 22, 2016, the company stated that the hackers may have accessed
customer data submitted to a legacy website, while information from purchases from its partner
platform were exposed between January 1, 2016 and December 22, 2017. Despite evidence of a data
breach, the business has yet to locate direct evidence that personal information was stolen from the
site. In a statement, Orbitz stated they truly regret the occurrence, and they are committed to doing
everything they can to maintain the trust of customers and partners. The company said it is alerting
customers who may have been affected by the incident and is providing a year of free credit monitoring
and identity protection services.

What technology-related issue/s is/are apparent?

In recent years, not only has Orbitz been the victim of data hacks. In January 2018, OnePlus said that
40,000 of their customers had been hit by a data breach, which resulted in the company temporarily
suspending credit card payments for online transactions. Millions of consumer records were exposed at
Verizon, while Yahoo's 3 billion user accounts were also compromised by the data breach, and 143
million Equifax users' personal information was taken. Even Chipotle was hit by spyware that stole credit
card information from outlets in every state where the brand operates.

The technology-related issues that are apparent in this case are:

Poor data security. Hackers have successfully obtained private information from customers at
various companies across the world for many years. By failing to update the company's data security,
hackers gain access to company's sensitive information.

Weak credentials (Password). A weak or forgotten password leaves you open to hacking.

Spyware and Malware. It is used by hackers to gain unauthorized access to corrupt files or even to lock
down your gadgets. This type of virus is not easily recognized until it has caused damage, whereas
spyware is a type of malware that monitors your computer's actions.
 STATEMENT OF THE PROBLEM

What possible impacts or problems may arise in conjunction with the data breach?

A data breach can cause significant harm to employees, suppliers, and customers. With the hackers
holding personal information of the credit card users may be a victim of phishing attack and scamming.
On the other hand, the company will suffer reputational damage as a result of the cybercrime; the
majority of people will be unwilling to trust a company that has been breached, resulting in a drop in the
company's value.

SOLUTIONS

How can Uber Technologies, Inc. and other similar businesses prevent such from happening again?
What measures can you recommend?

Data-Centric Solution
The security system and another protective measure of the company develop is retained, what a
company need is an addition of an extra layer of security which is a data-centric solution where it will
allow you to strictly monitor who can access specific files and data sets.

Encryption
Security management can control the data such as a specific file or email that is encrypted properly. The
company can control who can read it at all times so that even if a data breach occurs in the system and
unauthorized individuals gain access to the data, they will not be able to read it and a data breach
concerning that data is avoided. Such an application can reduce your data breach risks to acceptable
levels and protect your business from ruinously high data breach costs.

Create unique and strong passwords. The more unique and strong the password, the more secure the
enterprise is from hackers and destructive malware.

CONSIDERING THIS SCENARIO, WOULD YOU CONSIDER TECHNOLOGICAL DEVELOPMENTS AS

ADVANTAGEOUS? WHY OR WHY NOT? JUSTIFY YOUR RESPONSES

Yes, the technological development is advantageous that can be used to address the problem with our
IT experts. With the increasing cyber-crime and data breaches, a security is all-important for business.

These are the reasons why I will consider the technological development as advantageous:

Cost and Time. We can’t deny that technology helps business to achieve more with less time. Repetitive
tasks that workers do daily can replace by technology which helps to save employee’s cost. Using
technology allows management to delegate duties, set up reminders, track progress, and so on. You
don't have to waste time doing easy things when you can quickly accomplish them with a few clicks on
your computer.

Communication. Technology is a faster and efficient means of communication. Website like the
Orbitz.com can provide online booking services which reduce transportation costs of the customers. The
company can use various platform to send and receive emails. The social media and other platforms are
all equally essential resources of information.