John Flynn, Uber’s chief information security officer, discussed the hack and the organization’s response during a session at the 2018 Collision conference.
The hack, which took place in 2016, compromised the details of tens of millions of riders and drivers, but the company did not initially disclose it, nor the fact that it paid the hackers to delete the information.
“I think we have learned a lot of lessons from that experience. We’ve had some challenging times, but I think what we’ve learned has made us a lot stronger,” he said.
Foremost among these learnings, he suggested, was that even if the “technical response” was managed “quite well”, there were evident shortcomings elsewhere.
“I think the big thing that we learned was that we needed to do a better job being transparent – and we needed to tell both our users and our regulators more details about what we were seeing on the platform,” Flynn said.
An example of this idea in action is “privacy you can feel” – a tactic that helps increase user knowledge about their security options. “I think what we’ve seen is that customers actually want to engage,” said Flynn.
“They want to have settings. They want to have control. They want to feel empowered as part of the experience. And that’s one of the things we’ve been spending a lot of time on.”
Similarly, making sure that security and privacy are baked into products, services and marketing campaigns “by design” from their very earliest stages is vital.
“As you’re building these experiences at your own companies, making sure that you’re providing mechanisms by which customers can engage with consent or protect the various aspects of their security and privacy story goes a tremendous amount a way to building trust with your customer base,” Flynn advised.
Sourced from WARC