Intelligent CISO Issue 9 - Page 25

threat updates

EUROPE

Ride sharing company Uber was handed a £385,000 fine from the Information Commissioner’s Office (ICO), the UK’s data protection watchdog, for having failed to protect customers’ personal information during a cyberattack.

The ICO said a series of avoidable data security flaws allowed the personal details of around 2.7 million UK customers to be accessed and downloaded by attackers from a cloud-based storage system operated by Uber’s US parent company. This included full names, email addresses and phone numbers.

An Uber spokesperson said the company had made a number of technical improvements to the security of its systems both in the immediate wake of the incident as well as in the years since. It has also hired a chief privacy officer, data protection officer and a new chief trust and security officer, stating the company is continuing in its commitment to earn the trust of its users.

GLOBAL

Question and answer website Quora announced it had discovered that some user data was compromised as a result of unauthorised access to one of its systems by a malicious third party.

For approximately 100 million Quora users, the following information may have been compromised:

• Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorised by users
• Public content and actions, e.g. questions, answers, comments, upvotes
• Non-public content and actions, e.g. answer requests, downvotes, direct messages

The company said it is still investigating the precise causes of the breach and, in addition to the work being conducted by internal security teams, it has retained a leading digital forensics and security firm to assist it.