By the end of 2021, Uber, the ride-sharing app, had 118 million monthly active users and generated an average of 19 million trips per day. Founded in 2009 and based in San Francisco, Uber now operates in 72 countries and 10,500 cities.

Based on the technology giant, the show “Super Pumped: The Battle for Uber” premiered earlier this year. The show follows the rise and fall of one of Silicon Valley's most successful and turbulent companies.

The drama series takes on the perspective of Uber’s former CEO Travis Kalanick, played by Joseph Gordon-Levitt.

As the show’s title, “Battle for Uber” suggests, the road to success wasn’t smooth. The company faced scrutiny after it suffered a data breach, didn’t report it, and ended up getting sued for $148 million.

In 2016, hackers stole the personal information of 600,000 Uber drivers and 57 million customers. The information included names, email addresses, phone numbers, and driver's license information.

After the breach, Uber paid a $100,000 ransom to the hackers, who had promised to delete the data after receiving the payment. Uber said they “obtained assurances” that the hackers had deleted the stolen data. After the breach, it took several months for Dara Khosrowshahi, the former Uber CEO, to reveal it publicly.

California state law requires companies to notify state residents of any breach of unencrypted personal information. Companies must also inform the attorney general if a single breach has affected over 500 residents.

All 50 states and Washington D.C. sued Uber Technologies Inc. and the company received public backlash for trying to conceal the data breach. In the end, Uber paid $148 million to the Federal Trade Commission in 2018. It was the largest multi-state settlement of a data breach.

In 2020, the U.S. Department of Justice announced criminal charges against former Uber Chief Security Officer Joe Sullivan for obstruction of justice.

“Uber’s decision to cover up this breach was a blatant violation of the public’s trust,” California Attorney General Xavier Becerra said when announcing the settlement. “The company failed to safeguard user data and notify authorities when it was exposed.”

This story illustrates how the financial damage of a data breach can be far greater than what cyber criminals demand. As a result of trying to protect its reputation by obscuring the data breach, Uber suffered the consequences.

Has this tech giant become a trophy for cyber criminals?

Uber’s cybersecurity troubles flared up again in the Fall of 2022 after their internal systems were breached again. The hacker surfaced through a message sent in the popular messaging application, Slack, which Uber employees used.

“I announce I am a hacker, and uber has suffered a data breach,” the message read.

The unnamed 18-year-old who claimed responsibility for the hack said Uber’s ineffective security measures made the breach possible.

Credentials for the PAM platform admin were compromised. Researchers believe the hacker was only interested in cheap thrills since no ransom or extortion notes were found.

The full impact of the hack is unknown, but because of Uber’s history with cyber attacks, Uber may be a target again for young hackers trying to “make a name for themself” or to make headlines.

Once a company like Uber becomes intertwined with cyber attacks in the media, cyber criminals know the company is always working to secure itself better. This positions the company as a more formidable foe that garners more respect within the hacker community when the company is breached. Some cyber criminals hack for sport.

Like What You're Reading?

Subscribe to the Cyber Roundup E-Newsletter for useful tips, relevant blogs, insights from experts, and upcoming events.