Following the news that Uber suffered a major data breach in October 2016 and concealed the incident by paying the hackers $100,000, Egress Software Technologies conducted a flash survey through personal data and insights platform CitizenMe on attitudes to the breach. The survey of 500 UK adults on the morning of Wednesday 22nd November found that:
- 53 percent admitted that they hadn’t been aware of the situation prior to being asked by Egress, however having been made aware of the fact that Uber tried to cover up the breach, more than half (53 percent) of respondents said it made them want to stop using the taxi app.
- When asked what measures they would take to protect their data following the breach, more than half (52 percent) said they would either delete the app or would start using another, similar service, while a third (33 percent) said they would take the sensible step of changing their passwords
- However, more than a fifth (21 percent) of respondents felt that such incidents probably happen all the time and so Uber's situation doesn't bother them and over a quarter (27 percent) felt it was annoying but wouldn’t stop them using the service.
Tony Pepper, co-founder and CEO of Egress, comments: “Uber has had a slew of controversies surrounding it for some time now and at a time when the company is relying on public opinion to help support continued operations in London through petitions etc, this incident is likely to do it no favours – as the results of our flash poll show. Interestingly here it’s the fact that Uber covered up the breach that seems to have got people’s backs up, clearly showing how important honesty is when dealing with such incidents. The simple fact is that when this kind of thing happens, your customer base and bottom line are going to suffer so it has to be dealt with responsibly. While, in the UK, Uber has fewer direct competitors than in other parts of the world, controversies like this are going to drive customers away.
“What’s also interesting from these results more generally is the fact that so many people hadn’t been aware of the situation before we highlighted it. The types of data Uber holds on both customers and employees is highly sensitive, so if the worst does happen and it is breached, especially in such a volume as this, it should be expected for the organization to take responsibility and let those individuals know. Rightly, consumers are becoming increasingly more aware of the risks to their personal data, so there’s only going to be fewer places to hide these incidents in future. However, I’d also expect more people to be taking proactive steps than we’ve seen here to mitigate any potential impact to sensitive data stored elsewhere, for example by changing passwords, so it’s clear more needs to be done to support citizens in the wake of data breaches and educate them in the best steps to take following such incidents.”