Last Friday, popular rideshare app Uber released a statement announcing a singular unauthorized access of a company database on May 13, 2014. The company discovered the security breach on September 17, 2014.
Katherine Tassi, Uber's Managing Partner of Data Privacy, reported the company has received no reports yet of any malicious use of the information. According to Tassi, names of Uber drivers and their license plate numbers were accessed during the breach but no other sensitive information was compromised.
Ars Technica reported that it is not known whether drivers have reported suspicious activity since learning of the breach.
The five-month gap between the infiltration of data and the reporting of the breach has left some skeptical about Uber's handling of the situation. Speaking to The Wall Street Journal Jacob Olcott, a former congressional aide on cybersecurity, said: "Investors and consumers want timely, if not immediate, notification," and that there was an unusually long pause between discovery and reporting.
Tassi confirmed that, immediately upon learning of the breach, access protocols were changed in order to prevent a further violation. The company has offered its drivers a one-year subscription to a credit-monitoring service.
Uber isn't the only company to fall victim to a data breach within the last year. As violations become an increasing inevitable threat, corporations can look to big data security analytics to offer more sophisticated threat detection.
Cybersecurity news and analysis brought to you by ArcticWolf, inventors of firebreak detection and response security services. FireBreak, when your firewall fails.