WASHINGTON (Gray DC) - Talk of compromise on Capitol Hill, but it’s over compromised personal information. A Kansas senator is looking into a 2016 Uber data breach jeopardizing driver and rider records. Senator Jerry Moran (R-KS) wants to make sure best practices are being used in the golden age of cybercrime. He says Kansans need to be assured of their privacy.
Sen. Moran (R-KS) says Kansas should be wary about the information they give to companies.
“It’s happening too often to say that you’re safe. We see this story too many times,” said Moran.
Uber waited a year to admit they paid hackers 100,000 dollars to stay quiet about the theft of 57 million driver and rider records. When the public found out, Uber claimed they paid the hackers to find flaws in their own system, a practice known as “bug bounties”. Moran says the cover up and lack of reporting from the company are inexcusable.
“We need to discourage the amount of information that a company has. People need to be cautious about the kind of information they provide,” said Moran.
Moran admits bug bounties can be useful tools, but this hearing highlighted the grey area between good and bad hackers. Some in the industry fear a crackdown on all hackers would actually jeopardize your data.
“There is an important element in having friendly hackers have a legal way to report security vulnerabilities,” said Katie Moussoris from Luta Security.
Her company does bug bounty work. She says bad actors are out there, like the ones responsible for the Uber breach. So, she says legal avenues for well-intentioned hackers must remain open to thwart them.
“You will be breached eventually, it’s what you do about it, how quickly you recover, that determines are you good at cybersecurity or are you negligent,” said Moussoris.
The subcommittee members say they will work to craft legislation to avoid these mishaps in the future.