A New Jersey law firm that represents Uber has released that an unknown number of drivers have had sensitive data stolen from cyber attackers in a recent incident.
In a letter sent by Genova Burns to the affected Uber drivers, the law firm became aware of suspicious activity relating to internal information systems on Jan. 31. Genova Burns has possession of data regarding certain Uber drivers because of the firm’s legal representation of Uber Technologies, Inc.
Once the suspicious activity was discovered, outside forensic and data security specialists were engaged to investigate the nature and scope. The investigation determined that an unauthorized third party gained access to the firm’s systems and certain limited files were accessed between Jan. 23-31. Information impacted included names, Social Security numbers and/or tax identification numbers. However, so far no information has been misused due to the breach.
It is not uncommon for businesses to rely on third-party services, which is why security leaders should take steps to protect sensitive data. Here is what some security leaders had to say about the recent breach news:
“A typical enterprise business uses more than 1,000 cloud services and applications, many of which are third-party services. However, the real issue is the exchange and monetization of sensitive data between different parties,” said Vice President of Product Strategy at Zimperium Krishna Vishnubhotla. “Once this happens, it's challenging for any enterprise to keep track of where this data resides at all times and if it is properly protected. With more companies adopting mobile as a delivery platform, this trend will only accelerate, since it is economic and business-sensible. But, if we don't adopt risk-based access strategies, we will pay with our privacy.”
“Third party attacks to steal sensitive personal data are difficult to navigate once they happen. Knowing what data you have, where it is stored, and for how long, is critical in today’s technologically complex environment,” said Erik Gaston, vice president, Global Executive Engagement at Tanium. “To guard against these incidents, it’s essential to understand the criticality of data and the lifecycle of its various components. The best defense against third-party data breaches is a good offense. Being proactive can help prevent attacks, or at the minimum reduce the severity, size and scope.”