What you should do after the Uber incident


Uber’s hiding its hacking incident that stole personal data of 57 million users and paying a ransom of $100,000 to the hackers spurred fury around the world.

The personal information of 7 million drivers was accessed, including some 600,000 U.S. driver’s license numbers. Uber said in a statement that no Social Security numbers, credit card information, trip location details or other data were taken.

When mega breaches happen, personally identifiable information can be traded on the dark web, which may lead to identity theft, according to a cyber security expert.

“Unfortunately, those who have had their information stolen in a data breach are even more likely to become victims of identity fraud,” Nick Shaw, vice president and general manager of Norton EMEA.

Last year alone more than, 1 in 10 people impacted by cybercrime in the UK experienced identity theft where a cyber criminal used their personal information to impersonate them and commit fraud.

Shaw shares the following advice on what consumers should do after such breaches:

Change your usernames and passwords for online accounts. Use strong and unique passwords for computers, IoT devices, Wi-Fi networks and online accounts. Don’t use common or easily guessable passwords such as “123456” or “password”. Create complex passwords that are hard to guess and change them regularly. Also use different usernames and passwords for each online account so if one account is compromised, cybercriminals won’t be able to gain access to other online accounts with the same username and password.

Be very wary of any email purporting to relate to the breach - there is often a surge in phishing attempts related to high-profile breaches.

Exercise caution with websites offering to check if someone’s details are included in the breach. Unscrupulous operators could use the submitted details to identify people who are worried about the breach and target them with extortion attempts. Use free tools, such as Norton Safe Web, to check on the reputation of the site.

Do not pay anyone offering to remove personal details from the leaked data, since this cannot be done. This information is already in the public domain and multiple copies exist.

Closely monitor your bank accounts and any other financial accounts you may have. If the financial companies you do business with offer activity alerts, sign up for them. And if you receive an alert or your financial institution reports unusual account activity, respond as soon as possible.