A Lesson from Uber’s Data Breach Response
Recently, the company revealed that it experienced a massive data breach in late 2016, which exposed personal information of some 57 million of Uber’s customers and drivers.
And while news of companies being hacked have become nearly commonplace these days, the surprising part was that it took Uber a year to disclose the breach. Moreover, according to Bloomberg, the company paid the hackers $100,000 to destroy the stolen data and keep the situation under wraps.
It is difficult to understand how Uber’s leadership team thought it would be a good idea to hide the data breach from the public for so long, especially after what happened with Equifax earlier this year. After failing to report its data breach for several months, Equifax suffered major damage to its reputation with multiple executives, including the company CEO having to resign as a result.
In defense of Uber’s current CEO Dara Khosrowshahi, the initial breach and ransom happened under the watch of the company’s former chief executive, Travis Kalanick. To Khosrowshahi’s credit, his response to the news was fairly sensible.
After hiring a law firm to investigate the breach, Uber fired its chief security officer, Joe Sullivan. From a communications standpoint, the termination served as a firm step demonstrating that the company wants to improve the way it handles security to prevent crises like this from happening again.
In addition, Uber released multiple statements on their website, including a blog post from Khosrowshahi himself. The blog post also offered consumers the next steps the company is planning to take to notify and protect users, and promised to restructure Uber’s security team going forward.
Still, Uber’s initial decision to cover up the breach was perhaps its biggest mistake, which has undoubtedly dealt a serious blow to the company’s reputation.
Business owners and professional communicators can all learn an important lesson from this story. All secrets become revealed sooner or later. When your organization is faced with a serious crisis event, be it a data breach or any other situation that jeopardizes the well-being of your stakeholders, trying to conceal the problem is never a good strategy.
As a result, now Uber is not only facing major backlash from many of its customers, but also multiple lawsuits, including one from the city of Chicago, as well as serious questions about its business practices from the U.S. Congress.
If your company is threatened by a public relations crisis, don’t try to wing it – contact a professional crisis communications expert immediately.