Article

Uber Breach Gets Worse: Company Accused of Cyber Spying

Topic: Business NetworkingBy Michael PetersPublished Recently added
No ratings yet972 viewsSign in to rate
The Uber breach, which compromised the data of 57 million drivers and customers worldwide, has just gone from bad to worse. Not only did the company wait for a year to disclose the hack, it scrambled to cover it up by forking over $100,000 in hush money to the hackers – which it funneled through its bug bounty program, no less, possibly in an attempt to keep the entire incident off regulators’ radar. As a result, Uber was facing multiple lawsuits, as well as investigations by governments in several countries. Now, former Uber security analyst Ric Jacobs is accusing the company of having engaged in KGB-level corporate espionage. In a 37-page letter that has been submitted in the lawsuit competitor Waymo filed against Uber, accusing the latter of having stolen its company secrets, Jacobs claims he witnessed Uber engaging in all manner of unethical and, in some cases, illegal cyber spying, including: • Hacking into an unnamed competitor’s database to obtain information on their employees for purposes of poaching. • Hacking into a second company’s database to “steal ideas, exploit any identifiable weaknesses and identify drivers in order to recruit them to Uber.” • Hacking mobile devices and networks to obtain metadata on opposition figures, politicians, and government regulators. • Engaging in social engineering tactics to infiltrate private online groups for Uber drivers. • Recruiting third-party vendors to steal information. • Recording phone calls and bugging hotel and conference facilities. A veritable case study in poor cyber security practices, awful data governance and risk management, and the consequences of having no cyber or business ethics, both the Uber breach and the newest allegations being leveled against the company contain cyber security lessons for us all. Cyber Security Lessons from the Newest Allegations Against Uber When news of the Uber breach first broke, the focus was on the data governance and risk management mistakes Uber made that led to the hack, such as including login credentials in software code and storing the code on a Github repository, and the company’s attempts to hide the breach instead of promptly disclosing it. The newest allegations have some things to teach everyone, too: • The threat of cyber espionage and digital IP theft is quite real, regardless of the industry you operate in. Whether it’s employee data, a secret recipe, or a proprietary app, all companies have digital IP and trade secrets that other companies want to steal. • The biggest vulnerability in your cyber security program is your own people. According to the court filing, Uber heavily engaged in social engineering tactics to steal information. • Hackers may target your third-party vendors to get at your company. • Securing employees’ mobile devices is just as important as securing your enterprise network and equipment. Whether Uber will survive this latest firestorm is questionable, especially since, in a settlement with the FTC following a 2014 hack, Uber agreed to “not misrepresent in any manner, expressly or by implication... the extent to which Respondent protects the privacy, confidentiality, security, or integrity of any Personal Information." At the time this settlement was being negotiated, Uber was in the process of covering up the 2016 hack, as well as possibly engaging in the cyber spying activities Jacobs has accused it of. Notably, Uber’s failure to disclose, in and of itself, would be illegal under the EU's new GDPR data privacy rules, set to take effect next May. As the Uber breach drama continues to unfold, don’t be surprised to see calls for similar data privacy legislation in the U.S.

Article author

About the Author

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions. He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.

Further reading

Further Reading

4 total

Article

Introduction There was a time when the call center was seen as a place where phones rang endlessly and agents simply answered questions. That picture has changed dramatically. Today the modern call center sits at the center of customer experience, quietly coordinating returns, managing fulfillment concerns, and shaping how customers feel about every interaction with a brand. Instead of reacting to problems, teams now guide customers through complex journeys. Their role has gr

February 6, 2026

Article

In today’s financial landscape, credit scores play a major role in determining access to loans, housing, and even employment opportunities. For individuals facing late payments, collections, or inaccurate credit reports, rebuilding credit can feel overwhelming. This is why many people turn to professional services for guidance. Among the growing number of Credit Repair Companies in Houston and providers offering Credit Repair San Antonio solutions, White Jacobs continues to

February 6, 2026

Article

Choosing the right POS terminal is more important now than ever. With customer expectations rising and payment methods changing quickly, businesses need a device that works fast, stays secure, and handles different payment types. The PAX A30 is a popular Android POS terminal that has gained attention for its modern design and strong features. In this review, we look at how well it performs in real life, what makes it stand out, and whether it can truly be called the best Andr

January 17, 2026

Article

Installing a rack mount server cabinet is an important task for anyone setting up a server room or a data center. These cabinets are designed to hold servers, networking devices, and other hardware safely and in an organized way. A well-planned installation helps improve airflow, manage cables neatly, and secure equipment, which makes the server room safer and more efficient. Whether you’re setting up a small office server or a larger business data center, knowing how to in

January 16, 2026