Proactive Investors - Run By Investors For Investors

Uber fined £385,000 for letting hackers steal data on 2.7mln UK customers in 2016

The UK Information Commissioner's Office said the cyber attack – which saw full names, addresses and phone numbers of users stolen – happened because of "avoidable data security flaws”
Cyberattack
Uber has also been fined €600,000 (£532,000) by data regulators in the Netherlands over the same breach, which also affected 174,000 Dutch customers

The UK Information Commissioner's Office (ICO) has fined privately-owned ride-hailing app group Uber Technologies £385,000 for letting hackers steal data on 2.7mln UK customers.

The ICO said the 2016 cyber-attack – which saw full names, addresses and phone numbers of users stolen – happened because of "avoidable data security flaws”.

READ: Uber reports higher 3Q revenue, but losses increase as company eyes 2019 IPO

Uber has also been fined €600,000 (£532,000) by data regulators in the Netherlands over the same breach, which also affected 174,000 Dutch customers.

The records of almost 82,000 drivers based in the UK – which included details of journeys made and how much they were paid – were also taken during the incident in October and November 2016.

The ICO investigation found ‘credential stuffing’, a process by which compromised username and password pairs are injected into websites until they are matched to an existing account, was used to gain access to Uber’s data storage.

However, the customers and drivers affected were not told about the incident for more than a year. Instead, Uber paid the attackers responsible $100,000 to destroy the data they had downloaded.

Steve Eckersley, ICO Director of Investigations said: "This was not only a serious failure of data security on Uber's part but a complete disregard for the customers and drivers whose personal information was stolen.”

He added: “Paying the attackers and then keeping quiet about it afterwards was not, in our view, an appropriate response to the cyber attack.

“Although there was no legal duty to report data breaches under the old legislation, Uber’s poor data protection practices and subsequent decisions and conduct were likely to have compounded the distress of those affected.”

The details on the 2.7mln UK customers were part of a massive cache of information on 57mln people taken by the hacker group in October and November 2016.

Uber has paid $148mln to settle US Federal charges over the 2016 breach.

View full UBER profile View Profile

Uber Technologies Inc Timeline

Article
April 12 2019

Related Articles

man with mobile biometric tracking device
March 20 2019
Ipsidy has seen the market for its proprietary biometric technology explode after the hacks of Equifax Inc, Target Corp and Home Depot
Person watching TV on a smartphone
September 30 2018
"The business model is proving solid and with a higher percentage of revenues coming from recurrent subscriber-based licence fees, we are steadily reaching the point of profitability," said chief executive, Jose Luis Vazquez.
location map
April 02 2019
Verify helps brands detect location ad-fraud and verify the authenticity of location data to ensure their campaigns are targeting the areas they are supposed to
Copyright © Proactiveinvestors.com, 2019. All Rights Reserved - Proactive Investors North America Inc., Proactive Investors LLC

Market Indices, Commodities and Regulatory News Headlines copyright © Morningstar. Data delayed 15 minutes unless otherwise indicated. Terms of use