Posted on November 27, 2018 by Louise Howland
Uber suffered a huge data breach in 2016, when the personal data from 57 million Uber accounts, including 600,000 driving licence numbers, was stolen by hackers. At the time, Uber attempted to hide the breach from regulators. In 2017 they provided more information regarding the attack and acknowledged they should have disclosed more details regarding the data loss at the time of the breach.
This has been an extremely costly incident for Uber. They have received a fine of £385,000 from the Information Commissioner’s Office (ICO) for the breach, which is eclipsed somewhat by the €600,000 fine from the Dutch Data Protection Authority (DPA). In addition to this, Uber has had to pay £113m to settle legal action brought by the US government and states over Uber’s failure to give details about the data loss. Finally, at the time of the breach Uber paid $100,000 to the hackers to delete the data they had stolen from Uber’s cloud servers.
Uber were lucky that the data breach occurred in 2016, prior to the introduction of GDPR. They avoided an even bigger fine because the ICO could only levy penalties under the Data Protection Act, which carries a maximum fine of £500,000. If the breach had occurred after May 2018, when GDPR came into force, the ICO could have fined Uber up to an estimated £17 million, or four per cent of the company’s global annual turnover.
For Uber customers worried that their data may have been involved in the breach, we are advising customers to check their email addresses at https://haveibeenpwned.com to see if their information has been compromised.
If you would like more information on how to protect yourself or your organisation from cybersecurity breaches, contact us to speak to the cybersecurity team at ramsac.