Australian users have been caught up in a data breach which exposed the personal information of 57 million Uber users worldwide, it has been reported.
The ride-sharing firm has contacted Australian privacy commissioner, Timothy Pilgrim, to inform him that local users have been affected, according to the
Australian Financial Review.
Uber covered up the attack for more than a year, paying the hackers US$100,000 to delete the information - but the breach came to light last week after the firm admitted its failings.
Samuel Rogers, national practice leader for cyber risk at
JLT, said that while there was “nothing we haven’t seen before” in terms of how the breach came about, the response from Uber paints the firm in a negative light.
“If this was just a breach they hadn’t said anything about that would be one thing but the ransom element is really not a great look,” Rogers told Insurance Business. “It is probably going to be a large regulatory issue for them in the US; it could potentially be a regulatory issue for them in Australia as well.”
Rogers said that the attack presents several lessons for the insurance industry both in terms of how they protect the data of their own clients and the cover they offer and recommend.
“The number one takeaway is about incident response and reporting of these incidents,” Rogers continued. “The companies who have handled this situation best in the past have been very upfront.”
He added that brokers should advise clients to follow a more transparent path if they are the victim of a data breach as their customers want information about any breach and to be reassured over the steps a company is taking in response.
“It is another opportunity for insurance companies and brokers to speak to clients and say, this is another great example of where something has gone wrong and an insurance policy, if this were to happen to you, could potentially help,” Rogers said.
With mandatory breach notification laws coming into effect in February, Pilgrim reminded businesses to ensure they are ready for the commencement of the laws.
“Incidents such as this are a timely reminder to Australians of the value of the personal information we provide in order to receive products and services,” Pilgrim said. “It is also a timely reminder to Australian businesses and agencies of the reputational value of good privacy practice, and the reputational risks that can follow the mishandling of personal data.”
Related stories:
Kaplan launches cyber education library
Lawcover-insured law practices to get cyber-risk cover
.jpg)
