Uber Breach Highlights Data Security Risks that Exist for All Companies and the Steps Needed To Address Them

In November, Uber disclosed a security breach that occurred in October 2016, when hackers stole from a third-party server data about 57 million Uber drivers and riders. The company also revealed that they took affirmative steps to keep the data breach secret. The New York Attorney General’s office is opening an investigation of the incident, and members of Congress have sent letters to Uber demanding additional details about the breach. This case highlights the importance of having in place appropriate data security, and a plan to respond to security breaches –  to any company. Data security is critical to a company’s brand, reputation and market trust. A company’s…

READ MORE

UK Authority Warns Small Companies: “Data Protection Laws Apply to You” Fining an SME £60,000 for Failing To Take Basic Steps

The UK Information Commissioner’s Office sent a clear signal last month that it is paying close attention to the data protection measures taken by small and medium sized companies. In a statement published June 27, 2017 titled “Warning to SMEs as firm hit by cyber attack fined £60,000” (i.e. about $80,000 U.S.), the ICO announced an action against Boomerang Video, a small Internet company based in Berkshire, England, for failure to take appropriate steps to secure customer information. ICO enforcement manager, Anne Poole said: “Regardless of your size, if you are a business that handles personal information then data protection laws apply to you.  “If a company is subject to…

READ MORE