Question

Read, and write a 1-page 400 WORD or more about :

Uber hack - reflects many areas of management , internal and external control failures and technology failures.The theme of your presention should focus on :

1- operational and security challenges associated with rapid corporate growth.

2- continuous upgrades and improvement .

---------------------------------------------------------------------

Uber is sued over massive data breach after paying hackers to keep quiet.

After Uber revealed that it paid hackers $100,000 to keep quiet about stealing the personal information of 57 million customers and drivers, the company is now facing at least three potential class-action lawsuits and separate investigations by the attorneys general of New York, Missouri, Massachusetts, Connecticut, and Illinois. The company said it also has been in contact with the Federal Trade Commission.

The legal action against Uber comes as the beleaguered ride hailing company is still reeling from high-profile sexual harassment complaints and ongoing federal probes of possible bribery, theft of trade secrets, and discriminatory pricing.

Uber waited more than a year to disclose the massive data breach. Hackers accessed the names, email addresses and phone numbers of millions of passengers, and about 600,000 drivers had their license numbers compromised. Adding to concerns about the sizable delay in notifying the public, elected officials and security experts are scrutinizing Uber's decision to pay a ransom to the hackers in exchange for deleting the stolen data and keeping the incident secret.

Answer 1

Ans: The ride-sharing organization's choices prompting information rupture and its handling of the episode should fill in as a wakeup call for undertakings confronting a breach. After the hacking incident of Uber, the authorities of the Uber organization is uncovering from the destruction of its most recent advertising nightmare, an October 2016 information break that traded off the data of 57 million riders and drivers.

What Went Wrong?

Uber without a doubt disregarded various US and universal information breach disclosure laws by neglecting to educate drivers and clients that their data had been compromised. A few Federal and State Government directions should manage in case of such disclosures. The organization should have had more robust access control for such a strong collection of information. Attackers at first got to a private GitHub coding webpage for Uber programming engineers, where they discovered credentials for an Amazon Web Services account containing clients' data. Designers are allowed to utilize live generation data in testing; sadly, this data is never secured or monitored and frequently stored in many different locations.

Key Questions

Many loopholes gave rise to many questions related to this scandal. If considered on time, could have stopped the leakage of information of millions of users who trust Uber services. For what reason did engineers approach 57 million records of personal data? Did they experience an approval work process to move that information on the web? Did Uber security have any checking set up to caution them when such immense measures of information were accessed? All these questions remain answered giving speculations to the foul play.

The way that engineers approach GitHub storehouses, and the way they access numerous clients' information, are the two occurrences of favoring convenience over security. Uber could have mitigated the harm with precaution measures around information downloads. When data was compromised, it ought to have recognized the volume of downloaded information. Specialists additionally say Uber should have encrypted its information before storage in outsider administration. While Uber wasn't right not to approach about the hack, there is less conviction around its choice to pay the assailants, who requested $100K to erase the stolen information. It is not advisable to pay programmers, a training that will keep on driving blackmail