American Airlines, DoorDash, Uber, U-Haul Hacked Over Past 30 Days
U.S. Senate Majority Leader and New York’s Senior Senator Chuck Schumer called on the federal government to publicly disclose more information on recent hacks that occured, including data breaches at American Airlines, DoorDash, Uber & U-Haul over the past 30 days.
Schumer made the announcement on Oct. 2, and explained that a new law passed in March of this year gave the feds more oversight on many hacks and said more public information for impacted consumers should be made available. He said many consumers are clueless about these recent hacks and others that have preceded them.
Sen. Schumer said he wants the feds to publicly disclose more details on recent breaches, and give impacted consumers more help and information. Schumer said these most recent hacks span a variety of U.S. industries and that we must be vigilant about where these hacks originate and the information they collect.
Revealing that in, roughly, the last 30 days, American Airlines, DoorDash, Uber and U-Haul have all been hacked and experienced a serious data breach, Schumer called on the Federal Trade Commission (FTC) to ensure companies are doing everything they can to protect consumer data as he also called on the Department of Justice (DOJ) to fully investigate and go after hackers aiming to harm Americans and New Yorkers.
“In roughly the last thirty days, vital and personal information has been hacked at many major U.S. companies, compromising people’s privacy. Yet, if you ask most people about these hacks they don’t even know they occurred and the feds are saying very little,” said U.S. Senator Charles Schumer. “In fact, for a lot of consumers, unless you have a service—which often comes at a cost—you are not aware of these breaches and hacks. And in some cases, even if you do have a service that alerts you, information about where your personal information went, the origin of the hack and so much more is elusive.”
“Today, I am calling on the Federal Trade Commission (FTC) to ensure companies are doing everything they can to protect consumer data and on the Department of Justice (DOJ) to fully investigate and go after hackers aiming to harm Americans and New Yorkers,” Schumer added. “The feds have a law on the books to glean more information on major hacks, so the message today is: give consumers the details and investigate who is hacking. If a company is not doing right by their customers’ very personal information, then hold them to account as well. That is the two-pronged message today.”
Schumer explained that in a March 2022 government funding package that was signed by the president, sweeping cybersecurity legislation was enacted that required many industries to quickly report data breaches and ransomware payments. The new law, the Cyber Incident Reporting Act, according to Bloomberg, mandated that companies report hacks to the U.S. Department of Homeland Security within 72 hours of discovery of the incident, and 24 hours if they make a ransomware payment.
FBI officials, according to the report, estimated that the bureau has visibility into a quarter of cyber incidents, resulting in a government-wide lack of information about the nature of many data breaches, the tactics of cybercriminals and the U.S. industries that are most vulnerable. The legislation, the report noted, positioned DHS’s Cybersecurity and Infrastructure Security Agency as a central hub for receiving private sector incident response reports from owners and operators of critical infrastructure, sharing threat data and tracking the evolution of ransomware, a pernicious issue for American business that has been difficult to quantify. The feds have not said how they will use data gleaned from breach reports, but has been seeking to build its capabilities and work more closely with the private sector on a voluntary basis, Bloomberg noted.
On September 20th, American Airlines confirmed a data breach and said an “unauthorized actor” gained access to personal information of a small number of customers and employees through a phishing campaign.
On August 28th, DoorDash publicly revealed that a sophisticated phishing attack left customers’ personal information and partial payment information exposed to hackers.
On September 16th, Uber revealed that their computer systems were breached and that they alerted authorities.
On September 8th, a cyberattack hit Suffolk County on Long Island and wreaked havoc on the entire system, including the 9-1-1 center.
“I have been monitoring the cyberhack situation in Suffolk County, and my team will continue coordinating with the County to help them however we can, but for a local government to have to shut down computer systems in an effort to protect data, that is not something we want happening anywhere. The feds should detail who exactly hacked Suffolk, what info they got and detail what tools we can give Long Island so this doesn’t happen again. I just secured robust federal dollars to help prevent this exact kind of thing on behalf of our local governments,” Schumer said.