Chuck Schumer Calls for New Federal Cybersecurity Rules
As cybersecurity attacks continue to make headlines worldwide, government officials are increasingly looking for ways to protect the citizens within their respective nations from falling victim to data and security breaches. This being said, Senate Majority Leader Chuck Schumer called on federal lawmakers to enact new cybersecurity legislation this past Sunday. Moreover, Schumer has also called for more thorough investigations with respect to the cyber criminals and hackers that launch such cyberattacks, as many of the bad actors that are involved in these attacks often go unpunished despite their illegal actions.
To this end, Schumer was quoted during a news conference as saying “I am calling on the Federal Trade Commission, first, to ensure that companies do everything they can to protect consumer data, and on the Department of Justice to fully investigate and go after the hackers that aim to harm Americans.” Subsequently, Schumer went on to highlight several data breaches that have impacted major businesses in the past year, with the most notable being the breach that popular American ridesharing company Uber sustained last month.
Uber’s 2016 data breach
In many ways, the massive data breaches that Uber has experienced in recent years have come to epitomize the ever-increasing need for federal cybersecurity legislation. For reference, Uber was hit with the first of two major data breaches several years ago in 2016, when the ridesharing company fell victim to a cyberattack that impacted as many as 57 million consumers worldwide. Due in large part to the sheer number of individuals that were affected by the breach, Uber initially tried to cover the incident up by paying the criminals involved in the breach a ransom in the amount of $100,000 in BitCoin.
Nevertheless, in spite of the ransom that Uber’s former security officer Joe Sullivan reportedly paid to the criminals in question, in addition to mandating that they sign a non-disclosure agreement (NDA) before receiving this ransom payment, the truth regarding the cyberattack that took place was ultimately uncovered in 2017. As a result, the ridesharing company was ordered to pay $20 million in a settlement with the Federal Trade Commission (FTC), while Joe Sullivan was fired from the company. On top of this, Sullivan was also indicted on criminal charges for his role in the coverup.
Uber’s 2022 data breach
To this last point, the fiasco that Uber went through when the company’s security systems were hacked in 2016, in addition to the settlement that the company reached with the FTC a year later, would have seemingly been enough for Uber to begin strengthening its data protection and personal privacy measures and policies. However, the opposite has proven to be true, as Uber was hit with yet another data breach in September of this year. During the alleged event, a cybercriminal was able to launch a social engineering attack against an Uber employee.
Likewise, the criminal involved in the cyberattack was then able to gain access to Uber’s security network, as even the messages that employees had sent to one another via the office messaging platform Slack were infiltrated. Furthermore, Uber’s cloud storage system, as well as the company’s invoices were also disclosed during the attack, as legal authorities and cybersecurity experts continue to determine what exactly took place. To this end, the general lack of federal privacy legislation within the U.S. leaves American consumers vulnerable to the types of cybersecurity threats that have impacted Uber as of late.
Federal data privacy laws
What’s more, while data breaches are some of the most prominent examples of invasions of personal data on a mass scale, they are only a segment of the larger data protection issues that currently exist within American society. For example, in addition to cybercrime, multinational social media companies such as Meta, Twitter, and TikTok, among others, have all faced international criticism for their perceived failure to safeguard the privacy and personal information of the millions of consumers that utilize such platforms on a daily basis. As a result, even with the influence that Chuck Schumer wields within the U.S. Senate, his voice alone is not enough to tackle privacy issues that are proliferating on a worldwide scale.
While it remains to be seen whether or not the U.S. federal government will enact any form of legislation geared toward protecting the data privacy rights of American citizens in the upcoming years, recent developments would suggest that there is growing support for any legal mechanisms that would protect consumers from being involved in data breaches and other related cybercrimes. More importantly, however, the current data privacy landscape that exists within the U.S. will only give rise to additional cybersecurity threats and crimes, as any bad actor looking to hack a database or computer system has very little to fear from a legal perspective.