Uber Breach and the Need for Data Visibility

Published On: October 11, 2022Categories: Blog

A recent major new story puts Uber, once again, in the headlines for not the best reasons…In this case, former CISO, Joe Sullivan, was found guilty of not disclosing a data breach to the authorities and subsequently participating in an attempt at a cover-up. Mr. Sullivan claims that this was part of the Uber bug-bounty program; however, it is clear that this was not a normal “bug” but rather a hacker who had accessed an unsecured AWS data repository where they subsequently downloaded database backups. To make matters worse, these backups housed personal data on 57 million customers and about 60,000 Uber drivers – huge numbers if you consider the GDPR fines of 4% annual revenue.

To put this in perspective, according to a 2021 IBM report, a single breached record could cost a company $180. In this case, the cost of the breach for Uber could have been $10 billion based on that simple math – while this isn’t what it would cost the company, it is still indicative of the scale of this breach and it makes the alleged cover-up and ransome of $100,000 that much worse.

A key priority for CISOs and security professionals is that they don’t have visibility into all sources of sensitive data. Sure, they may know the major databases and data warehouses, especially with transactional data, but with the proliferation of data science, work-from-home, global operations and simple data source installations, it becomes nearly impossible to find, understand, and protect all that sensitive data. What they then need is a way to do a single massive scan to get a baseline of all sensitive data in the entire organization and then continuously update the master data classification map when new data sources come online or data moves to new locations. Even better would be the ability to do this in hybrid, multicloud environments for structured and unstructured data that is simple to install and with 98% or greater accuracy so the CISO can rest assured that all of their sensitive data is protected properly.

In today’s crazy world, things are often not this easy. 1touch.io is here to help! Inventa, the leading data discovery and classification tool on the market can do all of the above and much more so please reach out to schedule a demo. Hey, it may even keep you and your organization out of the headlines…or out of jail…