Uber fined £385,000 following UK data breach
ICO hits Uber with fine for failing to protect customer data.
Uber has been fined £385,000 for failing to protect customer information following a major data breach.
The taxi-hailing app was punished by the Information Commissioner's Office (ICO) after the breach, which saw the personal details of around 2.7 million UK customers put at risk back in October and November 2016.
Account details of 82,000 Uber drivers based in the UK, including their payments received and journey details, were also taken during the incident.
Uber has also been fined by the data protection authority in the Netherlands, the Autoriteit Persoonsgegevens, being ordered to pay €600,000 after 174,000 users in the country were also affected.
Uber data breach fine
Uber did not tell the customers or drivers affected about the incident for more than a year, instead paying the attackers responsible $100,000 to destroy the data that had been downloaded.
“This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen," said ICO Director of Investigations Steve Eckersley.
"At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Eckersley added that Uber paying the attackers but not disclosing this was not "an appropriate response" to the attack.
And although the company was not legally obligated to report the breach (which took place before GDPR came into force, so was covered by the older Data Protection Act 1998, the ICO noted that "Uber’s poor data protection practices and subsequent decisions and conduct were likely to have compounded the distress of those affected.”
- Want to ensure you stay private online? Check out the best VPN services of 2019
Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.