Uber for riders are inexpensive and safer taxi service. Accordingto (Paul Gil) Uber undercuts their fees by up to 25% to 50% compare to taxi cabfees, which makes the riders keep using Uber. With Uber, riders can also paytheir bill using their mobile devices which linked to their valid credit cardor Paypal account making it convenient compare to taxi cabs that demands cashfor payment. Now when it comes to drivers Uber does not charge monthly fees forits drivers, while taxi cab drivers pay monthly fees to their parent company.
It’salso easy to become an Uber driver, all you need is posses a clean driverrecord and criminal record, a car that insured less than 10 years old, 21 yearsof age and $50 cash. The driver’s vehicle should pass a mechanical inspectionat an approved technician’s shop (Paul Gil). However Uber isn’t as safe and secure like how everyonethinks. In October 2016 Uber had a massive global data breach that affected 57million users and drivers around the world causing information to be leakedsuch as names of the users/drivers, phone numbers, email addresses, and licensenumbers of the drivers.
According to Uber No Social Security number, creditcard information or other data were taken, but according to (Eileen Yu) thereare reports that some customers in Singapore found charges made to their Uberaccounts and credit cards for rides they never took, including transactionsmade in the UK and US and in foreign currencies. Uber not just failed to notify its user but they also hid formore than a year the data breach that happened. Uber reportedly paid $100,000to delete the stolen data and tried to keep news of the breach quiet by havingthe hackers sign non-disclosure agreements (Cyrus Farivar). After reading this Iimmediately think if Uber know who hack their data then why did they not givethis information to the authorities? And even the hackers did erase the datathey would still have copies of it, because that kind of information can besold (in the future) in a really high price. Uber spokeswoman Molly Spaeth senta statement to other media, including the Chicago Tribune, which read: “Weare committed to changing the way we do business, putting integrity at the coreof every decision we make, and working hard to regain the trust ofconsumers.” (Cyrus Farivar).
Uber also said in a statement to drivers thatthey are directly notifying the affected drivers by mail or email and areoffering them free credit monitoring and identity theft protection. According to (Bloomberg) the attack started when theattackers accessed a private GitHub coding site used by Uber software engineersand used the login credentials to access the data stored in an Amazon WebServices account. To me I think this happen due to Uber’s lack of security,encryption of private data (Which Uber failed to do so According to PaulLipman, CEO of cybersecurity firm BullGuard) that being stored is importantbecause with encryption it will prevent any unauthorized access to thesensitive data. FTC (Federal Trade Commission) concluded its investigation to Uber’sprivacy practices and says Uber failed to protect user data in two key ways.First was misrepresenting the extent to which it monitored its employees’access to personal information about users and drivers, and second bymisrepresenting that it took reasonable steps to secure that data,”(fastcompany). The data breach that happened to Uber can be minimized ifthey decided to notify the users after the breach happened.
If the users wherenotified right away they can either change their passwords or deactivate theirUber account. With this it’s much less likely for the users account details tobe leaked. Another way is zero-trust approach (Jason Chow) with this the userwill only be able to access their account with their own devices and if someonetried to open their account with the different device it will be blocked fromaccess