Uber has got rid of its chief security officer and announced that his team paid off hackers who stole data belonging to 57 million users. The ride-hailing app’s chief executive, Dara Khosrowshahi, said: “None of this should have happened, and I will not make excuses for it.” Former CSO, Joe Sullivan, presided over a loss of the names, email addresses and mobile phone numbers belonging to Uber drivers and passengers, according to Bloomberg. Mr Sullivan’s team then paid the hackers $100,000 to delete the data instead of notifying the victims. Uber’s former chief executive, Travis Kalanick, learned of the hack in 2016, according to Bloomberg – seven months before a shareholder revolt forced him to quit1 and replaced him with Mr Khosrowshahi. “At the time of the incident, we took immediate steps to secure the data and shut down further unauthorised access by the individuals,” said Mr Khosrowshahi. Uber says it does not believe its customers need to take any action.
Image: ‘None of this should have happened, and I will not make excuses for it,’ said Uber’s CEO
“We have seen no evidence of fraud or misuse tied to the incident,” says a help page on its site.
“We are monitoring the affected accounts and have flagged them for additional fraud protection.” Mr Khosrowshahi said the data had been stolen from a “third-party cloud-based service” – understood to be Amazon Web Services, which the attackers accessed using legitimate passwords stolen via coding website Github. “We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed”.
The chief executive, who joined the company in August, added in his statement: “You may be asking why we are just talking about this now, a year later. “I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”
The data breach comes as Uber looks to improve its image after bad publicity during the tenure of Uber’s founder Travis Kalanick, and the decision by transport bosses in London to take away its licence. Mr Kalanick was ousted as chief executive in June after an internal investigation concluded he had built a culture that allowed female workers to be sexually harassed and encouraged employees to push legal limits. Uber’s new boss said the company was now working with regulators on the breach and notifying drivers whose licence numbers were downloaded – as well as giving them credit monitoring and identity theft protection.
A review of its security is also taking place in conjunction with Matt Olsen, a former National Security Agency general counsel and cybersecurity expert.
The amount of money MPs are spending on security has skyrocketed following the murder of Jo Cox, new figures show. The Independent Parliamentary Standards Authority’s latest accounts show MPs spent 2.5m on security in 2016/17 – up from 170,000 the previous year. The figures are part of the annual report of MPs expenses. IPSA chair Ruth Evans said the rise was a reminder that “we take the security of MPs, and that of their families and their staff, very seriously”.
Image: The rise came after MP Jo Cox was killed in June 2016
MPs have previously spoken of having to carry personal alarms1, which are GPS-enabled and allow them to record conversations for police records. Similar devices were also offered to constituency workers following attacks on MPs’ offices.
A new IPSA fund was also created in 2016 for MPs to claim for alarm systems, shutters and CCTV.
A runaway girl slipped through security checks and managed to get on an easyJet flight without a boarding pass, officials have said. The seven-year-old “took advantage of her small size” and pretended to be with adults in Geneva Airport – however, she was spotted by a flight attendant before the plane took off for Corsica. Footage showed she was initially turned away after trying to follow crew members on to an Air France flight, but succeeded on her second attempt after slipping through a gap only large enough for a small child. Air France had notified easyJet about the incident, with the low-cost airline then handing her over to the police. The bizarre incident, which officials admitted could have been much more serious, has prompted an investigation.
Image: Geneva Airport, where the girl snuck through security checks to board a plane
The girl had slipped away from her own parents at a railway station in Geneva before catching a train to the airport. A timeline put together by the airport indicates she passed security at about 1.47pm and boarded the plane at 2.20pm . The airport management found out about her at 2.50pm. Geneva airport spokesman Bernard Stampfli has described the incident as “eminently regrettable” – and said security checks are being enhanced to ensure all children are accompanied by adults. In a statement, easyJet acknowledged that “an unaccompanied child incorrectly boarded flight EZS1305 from Geneva to Ajaccio”, and said an investigation has been launched.
“The crew correctly identified the child should not be on board and immediately reported it to the police,” the statement added.