🤯 Uber’s had a bad autumn when it comes to data breaches. On the heels of being hacked in September, Uber employee data was recently leaked as a result of a separate incident. The data included names, email addresses, and device information on over 77,000 Uber employees.

This most recent breach was not a breach of Uber’s systems but a breach of one of Uber’s vendors. The vendor, Teqtivity, helps Uber manage IT assets. Teqtivity backup systems on Amazon Web Services (AWS) were hacked and the data accessed included data on Uber’s employees, along with employee data from some other companies.

Teqtivity was a 3rd party to Uber. 3rd parties, in providing services to their customers, pose a potential risk to your data. Uber does not control Teqtivity systems or security, just as none of us control the systems or security of all the apps we use on our phones and computers every day.

Companies try to manage 3rd party risk by sending out security questionnaires or requiring security reports or certifications, like SOC 2, for all vendors.

What can you do?

👉 Know that any app you use that houses sensitive data is a potential risk.

👉 Check default security and privacy settings.

👉 Ask for help if you have any questions or concerns about apps.

----

Want to subscribe your team to weekly posts like this in Slack? Check out Heakka Streams. Streams are a subscription to current, relevant security training content for you employees in Slack. All Streams are 100% customizable by admins before they are sent to your team.