Uber Data Breach: Out of the Frying Pan, into the Fire
It’s been a torrid week for Uber both locally and overseas as the global ride-sharing company come under fire yet again for business malpractices amidst a data breach.
Uber in Trouble (Again)
Uber users in Singapore have complained about being charged for unauthorized rides, often from faraway places. The victims were charged in foreign currencies such as the US Dollar, Euro and Pound Sterling. They also held credit and debit cards issued by different banks.
One of the victims, Ms Daphne Maia Loo stated that the bookings charged to her OCBC card were not made from her Uber app. Neither did she receive any notifications about the billings via the app or email. Ms Loo was subjected to more than 15 unauthorized transactions, one of which amounted to S$276.
Another anonymous victim was charged over S$1,300 for upwards of 30 unauthorized transactions over a period of 5 days.
Such incidents have been popping up on Facebook and social media. However, such reports of fraud and ‘phantom rides’ are not new and have been made in Singapore earlier in 2017 and just last year in London.
That such incidents still occur months on massively shakes consumer confidence and indicate that there could be much more deeply-rooted problems at Uber.
The Cover Up
As the saying goes ‘when it rains, it pours’. To further rub salt into their wounds, Uber revealed that hackers stole the data of 57 million Uber users back in 2016.
The stolen data includes names, email addresses and mobile numbers of riders and names and driver’s license information of roughly 600,000 drivers. Subsequently in the ultimate breach of trust, Uber paid the hackers US$100,000 to destroy the data.
The information about the data breach was only revealed a year on after current chief executive Dara Khosrowshahi recently learnt of the incident.
Once the news broke, Uber’s attempt at covering up the data breach was met with a storm of criticism. Experts such as computer security specialist Graham Cluley stated that it is much better for a company to admit a screw-up than to try and cover it up. When the truth eventually comes out, trust and consumer confidence is much harder to regain.
Even more bizarre, was Uber’s decision back then to pay the ransom and trust that the hackers will delete the stolen data.
Khosrowshahi in taking over has a huge mountain to climb to overturn Uber’s reputation amidst numerous scandals and reports of a toxic workplace culture.
Meanwhile, Uber believes that the 2016 data breach is not linked to the ‘phantom rides’ cases being reported in Singapore. Uber is in the process of notifying various regulatory and government authorities and investigations are ongoing.
Regardless, affected users are advised to get in touch with Uber’s support team to get a refund and reset their account passwords.
Experts have pointed out that while there may not be much immediate impact for users in the wake of the data breach, all that information could be used for phishing attempts or spam and advertisements.
Potential Repercussions
For Uber, the repercussions could be much stronger. In the US, at least two class action lawsuits have been filed against the company for failing to disclose the data breaches and potentially causing harm to consumers with more likely to follow. Not at all good news as Uber is steadily losing ground in markets globally.
Uber’s deal with Japanese tech giants SoftBank are not likely to be affected by this as the data breach was revealed to the Japanese conglomerate while the discussions were ongoing, a small positive to take away.
In Singapore, this incident may hinder plans to move Singapore towards adopting cashless payment methods. Singaporeans are already divided about the push towards a cashless society. In a survey conducted earlier this year, only about 48% surveyed supported it.
This data breach incident may serve highlight the risks and downside and increase distrust towards cashless payment methods, especially among the older generation who are already less likely to adopt new technology.
Uber’s chain of bad press also further solidifies Grab’s iron grip on the Singapore market despite Uber’s attempts at introducing value-added services like UberPET and UberASSIST while improving drivers’ working conditions.
With Lyft(USA) and Grab licking their chops, Uber’s margin for error grows ever smaller as the world waits to see how they can rebound.
