Earlier this week, Uber’s CEO Dara Khosrowshahi gave a statement in which he confirmed that in late 2016 the company became aware that two hackers had managed to gain access to the personal data of 57 million customers around the world, which was stored on a third-party cloud computing platform the company uses. Uber also admitted it paid the hackers responsible for the data breach $100,000 not to disclose it to authorities.
With less than 6 months until GDPR is enforced, Uber could be facing fines of €20m, or 4pc of annual turnover, for the data breach.
Sophos principal research scientist Chester Wisniewski points out that this type of cover-up is exactly the reason why GDPR is coming into force. “Uber’s breach demonstrates once again how developers need to take security seriously and never embed or deploy access tokens and keys in source code repositories,” he said. “I would say it feels like I have watched this movie before, but usually organizations aren’t caught while actively involved in a cover-up. Putting the drama aside and the potential impacts of the upcoming GDPR enforcement, this is just another development team with poor security practices that have shared credentials. Sadly, this is common more often than not in agile development environments.”
How Xtremepush can help you become GDPR compliant
GDPR is fast approaching and we have added a new module to our platform, specifically to cater for Customer Consent Management and Customer Data Management in the broader sense (with GDPR Privacy, Customer Consent, and Security built into the module by design).
Key GDPR features of our platform include:
- Enterprise-Grade security controls (passed multiple bank security tests)
- A Customer Consent module that enables real-time exclusion of Customer data across multiple channels, and an ability to manage Customer Consent not just at an individual level but also at a segment or group level if required.
- The platform has an inbuilt Real-Time Auditing Capability to report on Consent and PII data protection components.
- The right to be forgotten is enabled through the Customer Consent Management Module
- Our Agile Platform (cloud or on-premise) has been built with data protection and privacy rights at its core by design.
Xtremepush is perfectly positioned to manage your GDPR data protection, consent and right to be forgotten requirements, via a powerful, secure and resilient platform.