- Matt Winkelmeyer/Getty Images
- Uber has been fined nearly $1.2 million for failing to protect customers’ personal information during a 2016 cyber attack that impacted millions of users.
- The fines were imposed by Britain’s Information Commissioner’s Office and the Dutch Data Protection Authority.
- Uber revealed last year that around 2.7 million people in the UK were affected by the data breach.
British and Dutch regulators on Tuesday fined ride-hailing service Uber for failing to protect customers’ personal information during a 2016 cyber attack involving millions of users.
The Information Commissioner’s Office (ICO) in Britain slapped a £385,000 ($490,759.50) fine on the firm, while the Dutch Data Protection Authority imposed a fine of €600,000 ($678,780.00) on Uber. The combined total is around $1.17 million.
Uber revealed last year that around 2.7 million people in the UK were affected by the 2016 data breach that it kept secret until 2017. The records of almost 82,000 drivers based in the UK were also taken, the ICO said.
In total, hackers stole details belonging to 50 million riders and seven million drivers.
“This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen,” said the ICO’s Director of Investigations Steve Eckersley.
“At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable.”
Earlier this year, Uber paid $148 million to settle the hack in the US after failing to disclose it properly. The company reached the agreement with all 50 states and the District of Columbia.
An Uber spokesman said: “We’re pleased to close this chapter on the data incident from 2016. As we shared with European authorities during their investigations, we’ve made a number of technical improvements to the security of our systems both in the immediate wake of the incident as well as in the years since.
“We’ve also made significant changes in leadership to ensure proper transparency with regulators and customers moving forward. Earlier this year we hired our first chief privacy officer, data protection officer, and a new chief trust and security officer. We learn from our mistakes and continue our commitment to earn the trust of our users every day.”