According to statistics published on Statista, in 2019, there were 1,473 reported data breaches that exposed 164 million records. Those numbers don’t include data breaches that were never reported.
No business or industry is immune from the devastating consequences of a data breach. That includes the ridesharing industry. People who use services from companies like Uber and Lyft have already been adversely affected by cyberattacks.
Network security is essential for ridesharing companies to protect customer data, especially payment information. There are several layers to network security, some of which include packet filtering, proxy services, stateful inspections, and next generation firewalls. Ridesharing companies should be using next generation firewalls specifically because they provide deep packet inspection at the application level.
Security risks are inherent in every business that operates online. Here are four of the top data security threats ridesharing customers face.
1. Ridesharing apps save credit card information in user accounts
While some ridesharing patrons fall for phishing schemes and unintentionally (yet voluntarily) give their login credentials to hackers, some accounts are hijacked directly from the company’s database through security vulnerabilities.
Once hacked, cybercriminals take advantage of the stored credit card and use the ridesharing service. For example, an Uber customer from Tennessee noticed her account had been stolen so she immediately called Uber and asked the company to close her account. Her account wasn’t closed right away and $254 was fraudulently charged to her account.
Anytime payment information is stored in a customer’s account, the consequences of a data breach greatly increase. Ridesharing applications rely on saved payment data to process quick transactions.
2. Data breaches aren’t reported right away
Most companies don’t report a data breach immediately. Sometimes that’s because it takes a long time to discover the data breach. Other times it’s because the company waits as long as possible, hoping they won’t need to disclose the breach.
Uber is one of many companies that sat on a massive data breach before disclosing. The company discovered a major data breach in 2016, but failed to disclose the news for almost a year. According to Uber, the breach occurred when Uber’s third-party cloud service was accessed by two unauthorized parties.
The breach exposed the full names and driver’s license numbers of 600,000 U.S. Uber drivers along with the full names, email addresses, and cellphone numbers of 57 million drivers and riders across the world.
Uber maintains that no credit card numbers, bank data, Social Security numbers, or birthdates were exposed. Uber also maintains that no fraudulent activity related to the breach has been detected. However, that brings up the next point: leaked data isn’t always used immediately.
3. Exposed data isn’t always exploited immediately
You might think that cybercriminals would use hacked data immediately, but that’s not always the case. Sometimes cybercriminals hang onto data and use it to find additional data. For example, if they have a Social Security number, they might use it to gain access to other accounts to collect more data on a person before using all the data to steal their identity.
Ridesharing customers can’t be reassured that their exposed data isn’t at risk for exploitation simply because it hasn’t yet been exploited. Only time will tell.
4. Employees might use customer data for ill intentions
Hackers are only part of the potential problem ridesharing customers face. The potential exists for authorized employees to access customer data and use that data for devious purposes. For instance, a former Lyft employee has outed other staff members for using their access privileges to spy on passengers and get Mark Zuckerberg’s personal phone number.
Unfortunately, Lyft did not enforce abuse of, nor did they restrict access to their data insights tool that provided data like passenger drop-off and pick-up coordinates. Employees took full advantage of the lack of enforcement and used the data insights tool to get celebrity phone numbers and spy on exes, spouses, and random passengers.
Ridesharing customers: be proactive
If you’re in the habit of catching an Uber or Lyft (or a local ridesharing company), your data may not be as safe as you think. You may want to consider using a prepaid credit card that isn’t connected to your main checking or credit account and only fill the card when needed.
Be proactive with your ridesharing adventures. Don’t let the risks stop you from using the services, but make the effort to protect yourself just in case your personal data ends up exposed in a data breach.