logo-loader
viewUber Technologies Inc

Uber fined £385,000 for letting hackers steal data on 2.7mln UK customers in 2016

The UK Information Commissioner's Office said the cyber attack – which saw full names, addresses and phone numbers of users stolen – happened because of "avoidable data security flaws”

Cyberattack
Uber has also been fined €600,000 (£532,000) by data regulators in the Netherlands over the same breach, which also affected 174,000 Dutch customers

The UK Information Commissioner's Office (ICO) has fined privately-owned ride-hailing app group Uber Technologies £385,000 for letting hackers steal data on 2.7mln UK customers.

The ICO said the 2016 cyber-attack – which saw full names, addresses and phone numbers of users stolen – happened because of "avoidable data security flaws”.

READ: Uber reports higher 3Q revenue, but losses increase as company eyes 2019 IPO

Uber has also been fined €600,000 (£532,000) by data regulators in the Netherlands over the same breach, which also affected 174,000 Dutch customers.

The records of almost 82,000 drivers based in the UK – which included details of journeys made and how much they were paid – were also taken during the incident in October and November 2016.

The ICO investigation found ‘credential stuffing’, a process by which compromised username and password pairs are injected into websites until they are matched to an existing account, was used to gain access to Uber’s data storage.

However, the customers and drivers affected were not told about the incident for more than a year. Instead, Uber paid the attackers responsible $100,000 to destroy the data they had downloaded.

Steve Eckersley, ICO Director of Investigations said: "This was not only a serious failure of data security on Uber's part but a complete disregard for the customers and drivers whose personal information was stolen.”

He added: “Paying the attackers and then keeping quiet about it afterwards was not, in our view, an appropriate response to the cyber attack.

“Although there was no legal duty to report data breaches under the old legislation, Uber’s poor data protection practices and subsequent decisions and conduct were likely to have compounded the distress of those affected.”

The details on the 2.7mln UK customers were part of a massive cache of information on 57mln people taken by the hacker group in October and November 2016.

Uber has paid $148mln to settle US Federal charges over the 2016 breach.

Quick facts: Uber Technologies Inc

Price: 32.06 USD

NYSE:UBER
Market: NYSE
Market Cap: $54.5 billion
Follow

Add related topics to MyProactive

Create your account: sign up and get ahead on news and events

NO INVESTMENT ADVICE

The Company is a publisher. You understand and agree that no content published on the Site constitutes a recommendation that any particular security, portfolio of securities, transaction, or investment strategy is...

FOR OUR FULL DISCLAIMER CLICK HERE

Watch

Full interview: Fireweed Zinc reveals 'best ever' hole drilled at Macmillan...

  Fireweed Zinc Ltd (CVE:FWZ) CEO Brandon Macdonald tells Proactive the zinc explorer has posted encouraging drill results from the first hole this year at the Boundary Zone in Yukon, an area that could boost the Macmillan Pass project's resources and economics. Macdonald says the...

1 day, 12 hours ago

2 min read