A few weeks ago the ridesharing service Uber reported that a handful of its current and former drivers’ names and license numbers were compromised. Because of this, Uber finds itself at the forefront of this week’s IT security newsmakers alongside Target, National Grocers and TalkTalk. So, what can your business learn from the stories making the news?
Roughly 50,000 Uber drivers may have affected by a breach of the company’s database. Katherine Tassi, the managing counsel of data privacy for Uber, stated that her company discovered a third party may have illegally accessed their database on September 17th, 2014. Investigators for Uber also discovered that a third party gained unauthorized access to their database on May 13th, 2014.
Uber has filed a lawsuit that will give the company leverage to gain more information that will help them identify and prosecute those responsible.
Reports from KrebsOnSecurity found that they had traced a pattern of fraud on customer credit and debit cards suggesting that hackers have tapped into cash registers at National Grocers locations all across the country. Cyber attackers breached the company last December by exploiting a vulnerability in their database servers and then installing malware to steal card data from their systems.
National Grocers says they are currently investigating the incident and they say than to update the POS system in all their stories with a new PCI-compliant system that will provide point-to-point encryption for better protection.
Target has reported $162 million in expenses between 2013 and 2014 due to a breach in December of 2013. The breach had minimal effects on the retailers most recent earnings report, though, as they recorded a 3.8 percent comparable sales growth in the fourth quarter of last year. Target remains optimistic that they will return cash to their shareholders in 2015 and beyond.
UK-based phone and broadband services provider TalkTalk recently released details about a data breach that compromised account numbers, addresses and phone numbers of customers. Cybercriminals allegedly used the information to target the company’s customers with phishing attacks. It was reported by The Guardian that a third-party contractor who had authorized access to TalkTalk’s customer accounts was involved in the breach. The company is currently working with the Information Commissioner’s Office and writing all of their customers to provide advice about the criminal activity.