As one of the fastest growing private, venture backed company in the world, security was always going to be hot topic.
Uber is a ride-share based transport company where users “hail” a ride using the app on their smart phone. This then prompts a near-by driver to take the fare. The purpose of this and other similar applications, is to show transparency to both driver and passenger. The driver’s information is produced to the passenger and the driver knows who they are picking up. Instantly there is a need for good security practice with the transfer of PII (Personal Identifiable Information).
Earlier this year, Uber reported a data breach in it’s system where up to 50,000 driver’s PII was stolen. This led to a report from the Guardian stating that login details of users and drivers could be purchased online for as little as $1.
Since this and other issues held with the company over how it handled information, Uber drafted former Federal Cyber crime prosecutor Joe Sullivan as their CISO in April.
Sullivan is reported to have stated that Uber have taken significant steps in improving it’s Information Security management system. The $50bn valued company will increase it’s security team above 100 people. An increase of about 4x it’s current capacity.
Uber’s CISO has also been reported to say – “Every company is a data company now, no one can be unsophisticated. The challenge is half the company needs access to customer data some of the time — it is not just customer support, it is marketing, engineers as they iterate, communications when they need to figure out what happened in an incident”.