BreachExchange mailing list archives
Uber Found to Have Breached Australians' Privacy Following 2016 Hack
From: Sophia Kingsbury <sophia.kingsbury () riskbasedsecurity com>
Date: Tue, 27 Jul 2021 11:52:21 -0400
https://www.natlawreview.com/article/uber-found-to-have-breached-australians-privacy-following-2016-hack

In 2017, Uber disclosed to the Office of the Australian Information Commissioner (OAIC) a breach of the personal information of some 57 million of its users and drivers globally (including approximately 1.2 million Australians). Last Friday, the OAIC determined that Uber had breached the Australian Privacy Act by failing to take reasonable steps to protect Australians' personal information from unauthorized access.

Despite the breach and Uber's decision not to individually notify those affected or report the attack until 2017, no fine has been imposed, whereas other jurisdictions imposed large fines for the breach: US ($148 million) and UK (£385,000). Instead of a fine, the OAIC has ordered Uber to put together a data breach response plan, information security program, and data retention and destruction policies and procedures. There is independent supervision of these steps, which is a popular measure with the OAIC.

It is interesting to see that Australia did not set a monetary fine despite the size of the breach and the global industry player involved. Since the determination, it has been reported that Uber has obtained ISO 27001 certification and has updated its security policies and procedures.

Following the recent series of ransomware attacks, it is also noteworthy that Uber chose to pay its attackers US $100,000 at the time to delete its users' stolen data. Perhaps, as suggested by the Ransomware Payments Bill, mandatory reporting of ransomware attacks would be helpful to better monitor these types of breaches in Australia, but we wonder whether, with a global company, such a payment would have fallen into Australian regulatory reach unless the Australian subsidiary made the payment.