Earlier this week, Uber’s CEO Dara Khosrowshahi gave a statement which he confirmed that in late 2016 they became aware that two hackers managed to gain access to personal data of 57 million customers based around the world which was stored on a third party cloud computing platform the company uses. UBER also admitted it paid the hackers responsible for the data breach $100,000 not to disclose the data breach to authorities.
With less than 6 months until GDPR is enforced, it could see Uber facing fines of €20m, or 4pc of annual turnover, for the data breach.
Sophos principal research scientist Chester Wisniewski points out that this type of cover-up is exactly the reason why GDPR is coming into force. “Uber’s breach demonstrates once again how developers need to take security seriously and never embed or deploy access tokens and keys in source code repositories,” he said. “I would say it feels like I have watched this movie before, but usually organizations aren’t caught while actively involved in a cover-up. Putting the drama aside and the potential impacts of the upcoming GDPR enforcement, this is just another development team with poor security practices that have shared credentials. Sadly, this is common more often than not in agile development environments.”
How Xtremepush can help you become GDPR compliant
GDPR is fast approaching and we have added a new module to our platform, specifically to cater for Customer Consent Management and Customer Data Management in the broader sense (with GDPR Privacy, Customer Consent, and Security built into to the module by design).
Key GDPR features of our platform include
- Enterprise-Grade security controls (passed multiple bank security tests)
- A Customer Consent module that enables real-time exclusion of Customer data across multiple channels, and an ability to manage Customer Consent not just at an individual level but also at a segment or group level if required.
- The platform has an inbuilt Real-Time Auditing Capability to report on Consent and PII data protection components.
- The right to be forgotten is enabled through the Customer Consent Management Module
- Our Agile Platform (cloud or on-premise ) has been built with data protection and privacy rights at its core by design.
Xtremepush is perfectly positioned to manage your GDPR data protection, consent and right to be forgotten requirements, via a powerful, secure and resilient platform.
Catch up on our GDPR series here
- Uber’s error ahead of GDPR is valuable lesson for businesses - November 24, 2017
- Research shows that Irish Firms are NOT ready for GDPR - November 16, 2017
- The Importance of Web Push Notifications for Retailers - November 15, 2017
- GDPR and what it means for Email Marketing - November 9, 2017
- The Xtremepush Use Case Series: Basket Recovery in the Retail Industry - October 19, 2017
- The Xtremepush Use Case Series: Cart Recovery for the Sports Betting & Gaming industry - October 12, 2017
- Xtremepush: Top 10 Marketing Automation Solution Provider 2017 - October 11, 2017
- The Benefits of using Google Tag Manager - October 3, 2017
- The Xtremepush Use Case Series: Onboarding your user - September 29, 2017
- Apple iOS 11: The Key Changes - September 21, 2017