Uber Fined By Regulators In Britain & The Netherlands

Uber has been fined £385,000 by a UK watchdog for failing to protect customers’ personal information during a cyber-attack. A series of “avoidable data security flaws” allowed the personal details of around 2.7 million UK customers to be accessed and downloaded by attackers, the Information Commissioner’s Office (ICO) said.

This included full names, email addresses and phone numbers, exposing people to an “increased risk of fraud”.

The records of almost 82,000 UK drivers, including details of journeys made and how much they were paid, were also taken during the incident in October and November 2016.

ICO director of investigations Steve Eckersley said: “This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen.

“At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable.”

Hackers obtained personal details of a total of 57 million Uber customers and drivers worldwide from a cloud-based storage system operated by the ride hailing app firm’s US parent company. Customers and drivers affected were only alerted when Uber made an announcement in November 2017.

Uber paid the attackers responsible 100,000 US dollars (£78,000) to destroy the data they had downloaded.
Mr Eckersley added: “Paying the attackers and then keeping quiet about it afterwards was not, in our view, an appropriate response to the cyber-attack.

“Although there was no legal duty to report data breaches under the old legislation, Uber’s poor data protection practices and subsequent decisions and conduct were likely to have compounded the distress of those affected.”

Chun Wong, partner at law firm Hodge Jones and Allen, which specialises in data breach cases, said: “Uber’s flagrant disregard with people’s data and then attempts to cover it up signifies one of the worst data breaches we have seen to date.

“Uber will consider themselves fortunate that higher fines brought in in May this year were not in force, which could have meant them facing fines of up to 4% of their turnover or 20 million euros, whichever is the higher.

“The fine of £385,000 seems a small price to pay and will be of little comfort to those affected.”

Uber was also handed a separate 600,000-euro (£532,000) fine by the data protection authority in the Netherlands. The Autoriteit Persoonsgegevens said 174,000 Dutch citizens were affected by the hack.In June, a judge granted Uber a short-term operating licence in London after its permit was initially not renewed over safety concerns.

The firm conceded it had made “serious mistakes” and Transport for London was correct in its renewal decision, but told an appeal hearing it had made “wholesale” reforms.

IrishNews:

You Might Also Read:

Uber Pay $148m Penalty For Breach Cover-Up:

« Barclays Fights Off Cyber-Attacks Daily
Google Challenged Over Location Tracking »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ECSC Group

ECSC Group

ECSC is a full-service information security provider, specialising in 24/7/365 security breach detection and Artificial Intelligence (AI).

Cristie Data

Cristie Data

Cristie have been a trusted, innovative and leading edge data storage, backup and virtualisation solutions provider across all sectors of industry for over 40 years.

Dubex

Dubex

Dubex is Denmark's leading business-oriented IT security specialist.

Olfeo

Olfeo

Olfeo is a content filtering software vendor. Our proxy and filtering solution helps our customers to manage, monitor and secure their Internet traffic.

Inky Technology Corp

Inky Technology Corp

Inky® Phish Fence is an email protection gateway that uses sophisticated AI, machine learning and computer vision algorithms to block deep sea phishing attacks that get through every other system.

SaferVPN

SaferVPN

SaferVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

Cyber Security Centre - Daffodil International University

Cyber Security Centre - Daffodil International University

Cyber Security Centre, DIU is a non-profitable organization which is focused on applied research in cyber security.

Vortiv

Vortiv

Vortiv Ltd (formerly known as Transaction Solutions International Ltd) is a technology based company focused on the cybersecurity and the cloud services sector.

CertiPath

CertiPath

CertiPath create products and services that ensure the highest levels of validation for digital identities that attempt to access customers’ networks.

SyferLock Technology Corp.

SyferLock Technology Corp.

SyferLock is an innovative provider of next-generation authentication and security solutions.

Everything Blockchain

Everything Blockchain

Everything Blockchain offer solutions that transform enterprise data-management capabilities. Increased efficiency, super-charged performance and all with government grade security.

Opora

Opora

Opora is the leading cybersecurity provider of adversary behavior analytics “ABA” and preemptive security solutions.

Appalachia Technologies

Appalachia Technologies

Appalachia is a full service Managed Services Provider with a focus on cybersecurity, backed by the best engineers.

Numen Cyber Technology

Numen Cyber Technology

Numen Cyber Technology is committed to becoming a Threat Discovery and Response expert for corporate customers.

Daisy Corporate Services

Daisy Corporate Services

Daisy is one of the largest providers of communications and IT solutions across the UK, with a portfolio spanning unified communications, cloud, cyber security and resilience.

SydeLabs

SydeLabs

At SydeLabs, our mission is to ensure the comprehensive security of your AI systems.