Uber Fined By Regulators In Britain & The Netherlands

Uber has been fined £385,000 by a UK watchdog for failing to protect customers’ personal information during a cyber-attack. A series of “avoidable data security flaws” allowed the personal details of around 2.7 million UK customers to be accessed and downloaded by attackers, the Information Commissioner’s Office (ICO) said.

This included full names, email addresses and phone numbers, exposing people to an “increased risk of fraud”.

The records of almost 82,000 UK drivers, including details of journeys made and how much they were paid, were also taken during the incident in October and November 2016.

ICO director of investigations Steve Eckersley said: “This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen.

“At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable.”

Hackers obtained personal details of a total of 57 million Uber customers and drivers worldwide from a cloud-based storage system operated by the ride hailing app firm’s US parent company. Customers and drivers affected were only alerted when Uber made an announcement in November 2017.

Uber paid the attackers responsible 100,000 US dollars (£78,000) to destroy the data they had downloaded.

Mr Eckersley added: “Paying the attackers and then keeping quiet about it afterwards was not, in our view, an appropriate response to the cyber-attack.

“Although there was no legal duty to report data breaches under the old legislation, Uber’s poor data protection practices and subsequent decisions and conduct were likely to have compounded the distress of those affected.”

Chun Wong, partner at law firm Hodge Jones and Allen, which specialises in data breach cases, said: “Uber’s flagrant disregard with people’s data and then attempts to cover it up signifies one of the worst data breaches we have seen to date.

“Uber will consider themselves fortunate that higher fines brought in in May this year were not in force, which could have meant them facing fines of up to 4% of their turnover or 20 million euros, whichever is the higher.

“The fine of £385,000 seems a small price to pay and will be of little comfort to those affected.”

Uber was also handed a separate 600,000-euro (£532,000) fine by the data protection authority in the Netherlands. The Autoriteit Persoonsgegevens said 174,000 Dutch citizens were affected by the hack.

In June, a judge granted Uber a short-term operating licence in London after its permit was initially not renewed over safety concerns.

The firm conceded it had made “serious mistakes” and Transport for London was correct in its renewal decision, but told an appeal hearing it had made “wholesale” reforms.

IrishNews:
