On November 21, 2017, the CEO of Uber disclosed that 57 million Uber users' personal information was stolen during a targeted breach back in October 2016. This estimate also includes 2.7 million UK citizens, meaning that if this breach had happened after May 25, 2018, Uber could have ended up paying the GDPR's whopping penalty: 4 percent of their total revenue or €20 million, whichever is higher.
The hackers leveraged a security loophole to access Uber's private GitHub site. That site held login credentials for one of Uber's Amazon Web Services servers, which contained an archive file with a list of rider and driver information.
The General Data Protection Regulation (GDPR) is all about data protection; specifically, securing EU citizens' personal data. That said, here are a few ways the upcoming regulation's requirements could have prevented the breach:
GDPR compliance begins with privileged access management.
The clock is ticking down to the GDPR's complete implementation, but it's never too late to apply the above practices and begin your journey towards GDPR compliance. While being completely GDPR-compliant requires a variety of solutions, processes, technical controls, and measures, the first step towards compliance is eliminating poor credential management practices and controlling administrative access.
The moment a hacker gains access to privileged credentials, the entire organization becomes vulnerable to attack. A strict access management routine is therefore a critical step towards achieving a comprehensive, GDPR-compliant security perimeter around data systems containing users' personal information. Automating the entire life cycle of privileged access with a comprehensive solution like ManageEngine's Password Manager Pro also makes the whole process easier and more effective. Get started today with your free 30-day trial of Password Manager Pro.