The northern United Kingdom city of York has voted against renewing Uber’s license in the city. The city council rejected Uber’s application for renewal because of concerns about the data breach that affected 57 million users worldwide and widespread complaints about the service.
Of potentially greater impact for Uber in the United Kingdom is the fight to regain its license to operate in London. In October, Transport for London refused to renew the license. TfL said it had rejected the company’s application to renew its license because “Uber’s approach and conduct demonstrate a lack of corporate responsibility” in relation to reporting serious criminal offences, obtaining medical certificates and driver background checks. Uber can continue operating in London while the appeals process takes place.
The company has also been forced to quit countries including Denmark and Hungary.
Uber’s chief executive, Dara Khosrowshahi, has acknowledged the impact to business as a result of a bad reputation, noting in a communication to staff:
“The truth is that there is a high cost to a bad reputation,” he wrote. “It really matters what people think of us, especially in a global business like ours.”
The data breach has become the icing on a cake of bad publicity for Uber, as stories of Uber’s workplace environment and its treatment of employees preceded the breach. Then, the breach itself was compounded by a significant delay in announcing and an attempt to cover up the breach.
This case highlights the many types of costs resulting from a data breach. Beyond the initial clean-up cost, there are longer-term costs like:
- Impact to brand value and reputation
- Impact to customer trust and satisfaction
- Loss of customers; a Gemalto study of over 10,000 people worldwide, Data Breaches and Customer Loyalty, found that if a company suffered a data breach, 70% of consumers would stop doing business with it.
- Regulatory decisions that impact ability to do business, such as the ability for Uber to do business in the UK.
Organizations should be taking steps to prevent data breaches and responding properly in the event of a breach:
- Identify your most valuable data and the threats to this data.
- Create an incident response plan and ensure buy-in from all involved partners in the plan.
- Use employee monitoring software to help in detection efforts. Many breaches are the result of insider negligence or abuse.
- Establish a culture where data protection is a priority, and ensure everyone in the organization is ‘all-in’ on security awareness training.
- In the event you do incur a data breach, take steps to mitigate breach costs.
Because data breach costs can have such a huge impact to business operations, data protection steps like the above should be a regular topic of discussion at C-level meetings.
Uber Data Breach: Paid Hackers to Hide Cyber Attack
3 Lessons Learned from the Uber Data Breach
Uber Data Breach: Hacker Paid via Bug Bounty Program
2017 Ponemon Cost of Data Breach Study: Analyzing the Research
The Economic Value of Data and How to Protect it