Uber fined by UK and Dutch regulators over data breach

Uber has landed in hot water with British and Dutch data protection regulators over a massive data breach that saw customers and drivers’ personal information leaked only months after US state authorities fined the company a record $148 million for the same infraction.

Uber
Source: Bloomberg

Uber has landed in hot water with British and Dutch data protection regulators over a massive data breach that saw customers and drivers’ personal information leaked only months after US state authorities fined the company a record $148 million for the same infraction.

The UK’s Information Commissioner’s Office (ICO) announced that it is finding Uber £385,000 for ‘failing to protect customers’ personal information during a cyber-attack’.

According to the ICO, the ridesharing company had a series of ‘avoidable data security flaws’ that led to around 2.7 million UK customers and 82,000 drivers' personal information to be accessed and downloaded by hackers from a cloud-based storage system operated by Uber’s parent company.

‘This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen,’ ICO Director of Investigations Steve Eckersley said.

‘At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable,’ he added.

Uber tried to cover up data breach

At the same time, Uber came under fire from Dutch data protection authorities who have issued a fine of €600,000 (£532,000) for not reporting its information breach to the regulator within 72 hours after the leak was discovered.

To make matters worse, Uber first realised that it had been hacked back in December 2016 but rather than notifying customers, drivers and regulators about the breach, it opted to pay the hackers $100,000 to cover up the leak.

US states $148 million settlement

Back in September, Uber agreed to pay $148 million to 50 US states and the District of Columbia over the same data breach that saw British and Dutch authorities levy heavy fines against the company.

As part of the settlement with US state authorities, Uber must ‘adopt model data breach notification and data security practices and a corporate integrity program for employees to report unethical behaviour, and hire an independent third party to assess its data security practices’.

Denne informasjonen har blitt forberedt av IG Europe GmbH og IG Markets Ltd (begge IG). I tillegg til disclaimeren nedenfor, inneholder ikke denne siden oversikt over kurser, eller tilbud om, eller oppfordring til, en transaksjon i noe finansielt instrument. IG påtar seg intet ansvar for handlinger basert på disse kommentarene og for eventuelle konsekvenser som et resultat av dette. Ingen garanti gis for nøyaktigheten eller fullstendigheten av denne informasjonen. Personer som handler ut i fra denne informasjonen gjør det på egen risiko. Forskning gitt her tar ikke hensyn til spesifikke investeringsmål, finansiell situasjon og behov som angår den enkelte person som mottar dette. Denne informasjonen er ikke utarbeidet i samsvar med regelverket for investeringsanalyser, så derfor er denne informasjonen ansett å være markedsføringsmateriale. Selv om vi ikke er hindret i å handle i forkant av våre anbefalinger, ønsker vi ikke å dra nytte av dem før de blir levert til våre kunder. Se fullstendig disclaimer og kvartalsvis oppsummering.

Finn artikler av analytikere

CFDer er komplekse instrumenter som innebærer stor risiko for raske tap på grunn av giring. 74 % av alle ikke-profesjonelle kunder taper penger på CFDer hos denne leverandøren. Du burde tenke etter om du forstår hvordan CFDer fungerer og om du har råd til den høye risikoen for å tape penger. Profesjonelle kunder kan tape mer enn sitt opprinnelige innskudd. Opsjoner er komplekse finansielle instrument og du risikerer kapitalen din. CFDer er komplekse instrumenter som innebærer stor risiko for raske tap på grunn av giring.