Another day, another company suffers a data breach...but this time it was deliberately covered up.
In October 2016, the USA based ride sharing giant, Uber, suffered a massive data breach involving the personal information of c. 57 million of their customers, which also included an unknown number of Australians. The information stolen included email addresses and phone numbers as well as drivers' licence numbers of c. 600,000 drivers in the USA. According to Uber, sensitive information such as location data, credit card numbers, bank account numbers, social security numbers were not compromised.
Not only did Uber fail to immediately report the breach, they took steps to actively cover it up by paying the hackers more than $100,000 to delete the information. Therefore, for a least a year the affected Uber customers have been blissfully unaware that they were potentially exposed to identity theft, and were not provided with an opportunity to protect themselves because they didn't know.
Uber are now likely to be subjected to class actions and a variety of investigations by USA (and other jurisdictions) federal and state authorities which will probably result in substantial fines and penalties. The fallout from the reputational damage arising from the coverup and undermining of customer trust remains to be seen.
As previously discussed in our recent email, Australian legislation will take effect in February 2018, which provides for mandatory data breach reporting and includes penalties of up to $360,000 for individuals and up to $1.8 million for organisations for noncompliance. You can learn more from the Office of the Australian Information Commissioner, see their website www.oaic.gov.au
If you would like more information about how Cyber insurance can help protect your business, please feel free to contact James on 02 9328-3322, email jamesc@logicalinsurance.com.au or visit the Logical Insurance Brokers website at www.logicalinsurance.com.au/logistics
James Cotis
Principal
Dip. Law, Dip FS (Ins. Broking), ANZIIF (Snr Assoc) CIP, QPIB, JP