Uber warns cyber attacks could cripple its business

  • Uber has filed to go public.
  • In its prospectus made public for the first time Thursday, the company warned cyber attacks could affect its future business.
  • In 2017, the company disclosed a major cyberattack that compromised 57 million users.

Uber has officially filed to go public.

The ride-hailing giant made its paperwork public for the first time on Thursday, providing us the first comprehensive look under the hood at the company’s financials, risk factors and more.

Among those risk factors was a stern warning about how important technology – and the security of that technology – is for Uber.

“We rely heavily on information technology systems across our operations,” the company said in the filing. “Computer malware, viruses, spamming, and phishing attacks have become more prevalent in our industry, have occurred on our systems in the past, and may occur on our systems in the future,” the company continued.

In 2017, for example, Uber paid hackers $US100,000 to cover up a 2016 cyber attack that exposed the personal data of 57 million people, including both riders and drivers. Among the info stolen was a trove of data including the names, emails, and phone numbers for 50 million riders globally, as well as the personal information of 7 million drivers. This included US driver’s licence numbers, but no Social Security numbers, according to Uber.

“None of this should have happened, and I will not make excuses for it,” CEO Dara Khosrowshahi said in a blog post at the time. “We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”


Here’s the full disclosure from Uber’s S-1:

We rely heavily on information technology systems across our operations. Our information technology systems, including mobile and online platforms and mobile payment systems, administrative functions such as human resources, payroll, accounting, and internal and external communications, and the information technology systems of our third-party business partners and service providers contain proprietary or confidential information related to business and sensitive personal data, including personally identifiable information, entrusted to us by platform users, employees, and job candidates. Computer malware, viruses, spamming, and phishing attacks have become more prevalent in our industry, have occurred on our systems in the past, and may occur on our systems in the future. Various other factors may also cause system failures, including power outages, catastrophic events, inadequate or ineffective redundancy, issues with upgrading or creating new systems or platforms, flaws in third-party software or services, errors by our employees or third-party service providers, or breaches in the security of these systems or platforms. For example, third parties may attempt to fraudulently induce employees or platform users to disclose information to gain access to our data or the data of platform users. If our incident response, disaster recovery, and business continuity plans do not resolve these issues in an effective manner, they could result in adverse impacts to our business operations and our financial results. Because of our prominence, the number of platform users, and the types and volume of personal data on our systems, we may be a particularly attractive target for such attacks. Although we have developed systems and processes that are designed to protect our data and that of platform users, and to prevent data loss, undesirable activities on our platform, and security breaches, we cannot assure you that such measures will provide absolute security. 
Our efforts on this front may be unsuccessful as a result of, for example, software bugs or other technical malfunctions; employee, contractor, or vendor error or malfeasance; government surveillance; or other threats that evolve, and we may incur significant costs in protecting against or remediating cyber-attacks. Any actual or perceived failure to maintain the performance, reliability, security, and availability of our products, offerings, and technical infrastructure to the satisfaction of platform users and certain regulators would likely harm our reputation and result in loss of revenue from the adverse impact to our reputation and brand, disruption to our business, and our decreased ability to attract and retain Drivers, consumers, restaurants, shippers, and carriers.
