Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Uber Fined Nearly $1.2 Million by Dutch, UK Over Data Breach

The ride-hailing service Uber has been fined the equivalent of nearly $1.2 million by British and Dutch authorities for failing to protect customers’ data during a cyberattack in 2016.

The ride-hailing service Uber has been fined the equivalent of nearly $1.2 million by British and Dutch authorities for failing to protect customers’ data during a cyberattack in 2016.

Britain’s Information Commissioner’s Office said Tuesday it fined the company 385,000 pounds ($491,000) and Dutch officials imposed a 600,000-euro ($679,000) fine for violating Dutch data protection laws.

British officials cited a series of “avoidable data security flaws” that allowed personal data for roughly 2.7 million U.K. customers to be downloaded by hackers during an incident in October and November 2016.

The information commission’s director of investigations, Steve Eckersley, said Uber had shown a “complete disregard for the customers and drivers whose personal information was stolen” after the substantial security breach.

“At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support,” he said. “That left them vulnerable.”

Dutch officials say Uber did not report the data breach to authorities within 72 hours as required by regulations. The Dutch Data Authority says 57 million users worldwide and 174,000 Dutch citizens were affected by the data breach.

The U.S.-based company said in a statement that Uber is “pleased to close this chapter on the data incident from 2016.”

It said a number of technical improvements have been made to the security system since then.

“We learn from our mistakes,” the company said. The statement also cites a number of changes to the senior management team that have been made in the last year.

Related: Hackers From Florida, Canada Behind 2016 Uber Breach

Related: Uber Agrees to $148M Settlement With States Over Data Breach

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack