This week on Badly Handled Data Breach Theater, it's Uber in the hotseat. New CEO Dara Khosrowshahi, who seems to have inherited from Noted Dirtbag Travis Kalanick the business equivalent of a flaming used diaper, reveals (ta-da!) in a solemn blog post that personal information belonging to 57 million Uber customers was stolen in 2016 by "two individuals outside the company." Stolen data includes names, email addresses, and mobile phone numbers. Oh, and also: they knew this a year ago and never bothered to tell anybody about it. Whoopsie Daisy!
Khosrowshahi, who is admittedly new to the CEO chair and doesn't really deserve any opprobrium for the cover-up of this breach, poses a very good question in the aforelinked blog post:
You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it.
Yes Dara, we may be asking that question indeed, and we might be punctuating it with a hearty "WTF!?"
Operators of online services: please learn from this idiocy. If somebody haxx0rz you and pwns your box, at least have the basic decency to tell the victims of your negligence that their data has been stolen.