The fallout from the breach of ride-hailing service Uber continues to rumble on with the realities of how the firm handled the situation hitting home with customers.
Earlier this week Uber confessed to a massive data breach which affected 57 million customers and drivers worldwide, with names, email addresses and mobile phone numbers included in the trove of data stolen. The firm concealed the breach last year by paying off the hackers, but failed to notify victims or relevant bodies.
A flash survey of 500 smartphone users carried out by data security company Egress found that more than half (52%) of respondents would now delete the app or start using another ride hailing service following the breach, with 53% saying Uber’s dishonesty in trying to hide it was a factor in making them want to stop using the service.
In terms of accountability, an Infosecurity opinion poll revealed that 75% of 218 voters felt the CSO/CISO deserves to take the blame for a data breach, suggesting users think the decision to sack CISO Joe Sullivan was vindicated.
However, Egress’ survey also revealed some apathy among users when it comes to protecting themselves; 67% of people said they wouldn’t change their passwords despite the breach.
Tony Pepper, co-founder and CEO of Egress, said that with controversies surrounding Uber for some time and the company currently relying on public opinion to help support continued operations in London, this incident is likely to do it no favors.
“It’s the fact that Uber covered up the breach that seems to have got people’s backs up, clearly showing how important honesty is when dealing with such incidents,” he said. “The simple fact is that when this kind of thing happens, your customer base and bottom line are going to suffer so it has to be dealt with responsibly. While, in the UK, Uber has fewer direct competitors than in other parts of the world, controversies like this are going to drive customers away.”
Pepper added that more people should be taking proactive steps to mitigate any potential impact to sensitive data stored elsewhere, for example by changing passwords. “It’s clear more needs to be done to support citizens in the wake of data breaches and educate them in the best steps to take following such incidents”, he concluded.