Uber’s Data Breach & Frivolous Lawsuits against Tech Businesses

Uber accidentally posted a secure key that allowed someone to access the data for its 50,000 drivers. Here's what IT pros can learn from Uber's legal trouble.

Wednesday, April 8, 2015/Categories: cyber-liability

Remember Uber's privacy breach? Wait, no, not that one. The other one. That's right – the oft-troubled but successful ride-sharing app is having more data security issues.

Months after making headlines when an executive used privileged network access to track a reporter's location, Uber is in trouble again after committing a seriously head-scratching data security blunder.

Remember that Time Uber Posted Its Private Key on GitHub?

Gizmodo reports that Uber's driver records – all 50,000 of them – were unlawfully accessed when an unknown user found Uber's crypto key in files publicly posted on the popular coding community GitHub. Yup, you read that right. Uber accidentally posted its encryption key on an open source site that gets millions of visitors.

But forget about all the Uber security blunders. What makes this story so relevant for IT consultants and small tech companies is the legal complication we're seeing now. Uber has subpoenaed GitHub, proving once again that where there are privacy breaches, legal trouble will follow.

What IT Consultants Can Learn from Uber's Legal Squabble with GitHub

Uber's subpoena demands that GitHub give them the IP addresses of all the users who had accessed the files it posted. GitHub has refused.

Why is GitHub refusing?

  • Its own privacy policy may forbid it from disclosing this information.
  • It might be trying to protect its own reputation in the coding community and take a stand for data privacy.

Whatever the reason, the site has refused to give in to Uber's demands.

In short, it's a legal mess. Both companies are probably accumulating legal bills for a dispute that may not actually help anyone figure out who accessed Uber's files.

Here are three takeaways for IT consultants and small business owners:

  1. Lawsuits, subpoenas, and legal actions are terrible for your reputation. No one had even heard about this data breach before Uber subpoenaed GitHub and the court documents became public record. Basically, Uber was forced to admit publicly that it made a really stupid mistake with its data security.
  2. The cost of data breaches increases the odds of a lawsuit. Data breaches are expensive both in terms of damages to a company's reputation and the resources spent fixing and cleaning up the breach. To recoup losses, clients often sue IT consultants and third-party service providers who worked on the technology that was involved in the hack. If this becomes a full-fledged lawsuit, both sides will have a sizable legal bill when all is said and done.
  3. IT liability is a Gordian knot. In Greek myth, there was an infamous knot that was so tangled no one could untie it. That's what IT liability is like. Uber made a mistake. GitHub published that mistake. Uber is asking GitHub to divulge private data so it can figure out how its own private data was stolen. Did you catch all that? As a tech professional, you could find yourself in the middle of a privacy dispute you had nothing to do with.

To learn more about protecting your business from lawsuit costs over data breaches and privacy disputes, see our resources on Errors and Omissions Insurance for IT professionals.
