Bradley attorney Paige Boshell was quoted in Legaltech News on details of Uber’s 2016 data breach and attempts to hide the information from users and regulators. Uber disclosed that the company made a $100,000 payment to hackers to delete data and asked hackers to sign non-disclosure agreements (NDAs) to ensure their silence.
While many corporate cybersecurity experts agree that data breach cover-ups happen all the time, the payment and NDAs, in Boshell’s experience, may be a less common practice.
“It’s really hard to tell how many companies have paid hackers. I have not heard of that yet in this type of context where it’s a true external hacker,” Boshell said, noting that some companies do opt to pay ransomware hackers demanding money in exchange for the return of data. While law enforcement officials advise that companies not pay ransomware demands, the popularity of ransomware attacks indicates that companies don’t always take that advice. “If it weren’t lucrative, it wouldn’t be skyrocketing in practice,” Boshell added.
Details are still emerging about Uber’s particular handling of this breach, but the non-disclosure agreement in particular raised red flags for Boshell. “It’s hard to say that that in itself is a crime, but it certainly makes them, from a reputational perspective, look less like a victim,” Boshell explained. “I have not personally heard of a company tracking down their own hackers and having them sign a non-disclosure. That puts them in a very unfavorable light.”
The complete article, “Uber’s Data Breach Cover-Up Strategy May Be More Common Than You’d Think,” appeared in Legaltech News on November 30, 2017.