Uber Fined By Regulators In Britain & The Netherlands

Uber has been fined £385,000 by a UK watchdog for failing to protect customers’ personal information during a cyber-attack. A series of “avoidable data security flaws” allowed the personal details of around 2.7 million UK customers to be accessed and downloaded by attackers, the Information Commissioner’s Office (ICO) said.

This included full names, email addresses and phone numbers, exposing people to an “increased risk of fraud”.

The records of almost 82,000 UK drivers, including details of journeys made and how much they were paid, were also taken during the incident in October and November 2016.

ICO director of investigations Steve Eckersley said: “This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen.

“At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable.”

Hackers obtained personal details of a total of 57 million Uber customers and drivers worldwide from a cloud-based storage system operated by the ride hailing app firm’s US parent company. Customers and drivers affected were only alerted when Uber made an announcement in November 2017.

Uber paid the attackers responsible 100,000 US dollars (£78,000) to destroy the data they had downloaded.
Mr Eckersley added: “Paying the attackers and then keeping quiet about it afterwards was not, in our view, an appropriate response to the cyber-attack.

“Although there was no legal duty to report data breaches under the old legislation, Uber’s poor data protection practices and subsequent decisions and conduct were likely to have compounded the distress of those affected.”

Chun Wong, partner at law firm Hodge Jones and Allen, which specialises in data breach cases, said: “Uber’s flagrant disregard with people’s data and then attempts to cover it up signifies one of the worst data breaches we have seen to date.

“Uber will consider themselves fortunate that higher fines brought in in May this year were not in force, which could have meant them facing fines of up to 4% of their turnover or 20 million euros, whichever is the higher.

“The fine of £385,000 seems a small price to pay and will be of little comfort to those affected.”

Uber was also handed a separate 600,000-euro (£532,000) fine by the data protection authority in the Netherlands. The Autoriteit Persoonsgegevens said 174,000 Dutch citizens were affected by the hack.In June, a judge granted Uber a short-term operating licence in London after its permit was initially not renewed over safety concerns.

The firm conceded it had made “serious mistakes” and Transport for London was correct in its renewal decision, but told an appeal hearing it had made “wholesale” reforms.

IrishNews:

You Might Also Read:

Uber Pay $148m Penalty For Breach Cover-Up:

« Barclays Fights Off Cyber-Attacks Daily
Google Challenged Over Location Tracking »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

KPMG

KPMG

KPMG s a leading provider of professional services including information technology and cyber security consulting.

Cynet

Cynet

Cynet simplifies security by providing a rapidly deployed, comprehensive platform for detection, prevention and automated response to advanced threats with near-zero false positives.

CSA Events

CSA Events

Cloud Security Alliance conducts a series of conferences around the world. This listing provides a link to details of upcoming events.

maCERT

maCERT

maCERT is the national Computer Emergency Response Team for Morocco.

NESEC

NESEC

NESEC is a specialist in information security consulting services and solutions.

Flashpoint

Flashpoint

Flashpoint is a globally trusted leader in risk intelligence for organizations that demand the fastest, most comprehensive coverage of threatening activity on the internet.

Logz.io

Logz.io

Logz.io is an AI-powered log analysis platform that offers the open source ELK Stack as a enterprise-grade cloud service with machine learning technology.

VU Security

VU Security

VU is a specialist in Cybersecurity software development with a focus on the prevention of fraud and identity theft.

_cyel

_cyel

_cyel is introducing a new cybersecurity strategy: not a new generation of patches and firewalls, but moving target security – we take away the targets. Without replacing your existing system.

NLnet Labs

NLnet Labs

NLnet Labs is a not-for-profit foundation with a long heritage in research and development, Internet architecture and governance, as well as security in the area of DNS and inter-domain routing.

DQM GRC

DQM GRC

DQM GRC are one of the UK's leading providers of data governance, e-privacy and GDPR services, to commercial organisations across all industries in the UK.

Loki Labs

Loki Labs

Loki Labs provides expert cyber security solutions and services, including vulnerability assessments & penetration testing, emergency incident response, and managed security.

Accurics

Accurics

Accurics enables self-healing cloud native infrastructure by codifying security throughout your development lifecycle.

Zilla Security

Zilla Security

Zilla combines identity governance with cloud security to deliver comprehensive access visibility, reviews, lifecycle management, and policy-based security remediation.

Cyber1

Cyber1

CYBER1 is a leader in cyber security advisory and solutions. We are uniquely placed to help customers achieve cyber resilience and thus, safeguard reputation and value.

OneStep Group

OneStep Group

OneStep Group are a leading Australian provider of information and communications technology (ICT) services, connecting businesses through technology solutions and support.

RightSec

RightSec

RightSec is an emerging market leader and solution provider for cybersecurity and digital resiliency. We provide end to end solutions to suit your specific business lifecycle.