Compliance & Ethics Professional January 2018
NEWS
Read the latest news online · corporatecompliance.org/news
States probe Uber for hiding data breach
The beleaguered rideshare firm Uber
now faces multiple investigations by state
attorneys general and the Federal Trade
Commission (FTC) over its admission
that it paid hackers $100,000 to keep quiet
about a data breach that accessed personal
information of 57 million customers and
drivers more than a year ago. The states
of New York, Missouri, Massachusetts,
Connecticut, Illinois, and New Mexico
want to know why Uber waited so long
to reveal the October 2016 data breach,
which included customer names, email
addresses, phone numbers, and drivers’
license numbers. Information about the
$100,000 ransom paid to the hackers in
an effort to have the stolen data deleted
is also sought. The FTC indicated it is
monitoring “the serious issues raised”
by the hack. Other nations, including the
United Kingdom, Italy, the Netherlands,
Australia, and the Philippines, said they
also are investigating Uber’s withholding
of information about the hack. Meanwhile,
at least four lawsuits initiated by Uber
customers have sought class-action
status. Uber Chief Executive Officer Dara
Khosrowshahi has indicated that the
company’s chief security officer, who had
arranged the ransom payment, was fired,
and the company is cooperating with
authorities.
Study: Size of average data breach rises, but average cost down
The average size of data breaches has
increased 1.8% when comparing 2017 to
2016, but the average cost is down 10%,
according to a recent global study by
IBM Security and Ponemon Institute.
Titled “2017 Cost of Data Breach Study:
Global Overview,” the study found that
the average total cost of a data breach
for the 419 participating companies
has decreased from $4 million to $3.62
million, but the average number of
breached records increased from 23,594 to
24,089. The cost of breaches varies widely
by country or region, with the United
States topping the list at an average cost
of $7.35 million per breach incident,
compared to the second-place Middle East
with an average cost of $4.94 million
per breach incident, or last-place Brazil
with an average cost of $1.52 million per
breach incident (out of 11 countries and
two regions). Another key finding: certain
industries have more costly data breaches
than others. Although the average global
cost of a data breach per lost or stolen
record is $141, health care organizations
have an average cost of $380 per record,
financial services have an average cost of
$245 per record, and the lowest is the public
sector, where the average cost per stolen
record is $71. For more information,
download the study: https://ibm.co/2AdsJuW.