Uber Got Fined By UK Regulators For 2016 Data Hack

Shakti - Dec 03, 2018

Uber, a ride-hailing company, was fined because of the data compromise in 2016 cyber attack. This article clarifies actions of Britain and Dutch regulators

Ride-sharing app Uber on Tuesday was fined by British and Dutch authorities for exposing personal information of millions of user accounts during 2016 cyber attack.

The 2016 data breach affected 57 million users all over the world, leading to the compromise of personal details such as names, email addresses, and phone numbers. Specifically, almost Uber’s customers in Britain were its victims, with 2.7 million people recorded.

Uber App in the UK

The UK ICO (Information Commissioner’s Office) announced a penalty of ₤385,000 ($490,760) for the ride-hailing company, whereas that number of the DPA (Dutch Data Protection Authority) was €600,000 ($678,780).

According to ICO, information of around 82,000 UK drivers, including ride details and received payment, was leaked due to the failure of security in 2016.

Because the launch of cyber attack occurred before the European Union's General Data Protection Regulation (GDPR) legislation went into effect, Uber was not punished based on this law. To the new rule, the ICO can give financial penalties up to ₤17 million or 4% of global annual revenues.

Additionally, Uber has got problems with the license in London and has to deal with the legal battle of workers’ rights in the UK. An Uber spokesperson said they had made a change in data practices after the cyber attack. They also hired a data protection officer and a chief privacy officer to increase the level of security for customers’ data.

Personal information of 174,000 Uber’s users in the Netherlands was stolen, and the Dutch authority said it was fining Uber because it did not report the data breach within 72 hours.