By Peter Holley
November 22, 2017
It may have been the most arresting detail in a story full of them: Not only did Uber allow hackers to make off with the personal data of 57 million customers and drivers, but the ride-hailing company also had paid those same criminals $100,000 to delete the data and keep their mouths shut about the entire episode.
If it sounds like an old-school crime wrapped in a new-school mold — blackmail for the digital era — that’s because it is, according to cybersecurity experts. The only new thing about hacks and subsequent hush money is the belief among cybersecurity professionals that similar payments are occurring with increasing frequency.
“In the security practice, paying a ransom is usually cheaper than paying the price of corrective actions after a successful breach,” said Csaba Krasznay, a security evangelist at Balabit.com, referring to the price of public and regulatory scrutiny that could come from announcing a breach. “That is why the cyber crime model works: ‘We have your data, pay us X bitcoins and we won’t publish it on the dark net.’ Or: ‘We started a DDoS attack against your service, pay Y bitcoins and we’ll stop it.’ ”
He added: “Based on the rumors, more and more companies have their own bitcoin wallets for such cases.”