Proactive Investors - Run By Investors For Investors

Uber fined £385,000 for letting hackers steal data on 2.7mln UK customers in 2016

The UK Information Commissioner's Office said the cyber attack – which saw full names, addresses and phone numbers of users stolen – happened because of "avoidable data security flaws”
Cyberattack
Uber has also been fined €600,000 (£532,000) by data regulators in the Netherlands over the same breach, which also affected 174,000 Dutch customers

The UK Information Commissioner's Office (ICO) has fined privately-owned ride-hailing app group Uber Technologies £385,000 for letting hackers steal data on 2.7mln UK customers.

The ICO said the 2016 cyber-attack – which saw full names, addresses and phone numbers of users stolen – happened because of "avoidable data security flaws”.

READ: Uber reports higher 3Q revenue, but losses increase as company eyes 2019 IPO

Uber has also been fined €600,000 (£532,000) by data regulators in the Netherlands over the same breach, which also affected 174,000 Dutch customers.

The records of almost 82,000 drivers based in the UK – which included details of journeys made and how much they were paid – were also taken during the incident in October and November 2016.

The ICO investigation found ‘credential stuffing’, a process by which compromised username and password pairs are injected into websites until they are matched to an existing account, was used to gain access to Uber’s data storage.

However, the customers and drivers affected were not told about the incident for more than a year. Instead, Uber paid the attackers responsible $100,000 to destroy the data they had downloaded.

Steve Eckersley, ICO Director of Investigations said: "This was not only a serious failure of data security on Uber's part but a complete disregard for the customers and drivers whose personal information was stolen.”

He added: “Paying the attackers and then keeping quiet about it afterwards was not, in our view, an appropriate response to the cyber attack.

“Although there was no legal duty to report data breaches under the old legislation, Uber’s poor data protection practices and subsequent decisions and conduct were likely to have compounded the distress of those affected.”

The details on the 2.7mln UK customers were part of a massive cache of information on 57mln people taken by the hacker group in October and November 2016.

Uber has paid $148mln to settle US Federal charges over the 2016 breach.

View full UBER profile View Profile

Uber Technologies Inc Timeline

Article
April 12 2019

Related Articles

Phone with apps
Thu
The company owns and operates a scalable B2B SaaS platform that allows users to distribute their mobile apps across multiple app stores such as Google Play
Person watching TV on a smartphone
October 01 2018
"The business model is proving solid and with a higher percentage of revenues coming from recurrent subscriber-based licence fees, we are steadily reaching the point of profitability," said chief executive, Jose Luis Vazquez.
Rail car on a track
July 26 2018
The US has more than 1.5 million freight cars and Duos Technologies has found a faster and innovative way to safely maintain them

© Proactive Investors 2019

Proactive Investors Limited, trading as “Proactiveinvestors United Kingdom”, is Authorised and regulated by the Financial Conduct Authority.
Registered in England with Company Registration number 05639690. Group VAT registration number 872070825 FCA Registration number 559082. You can contact us here.

Market Indices, Commodities and Regulatory News Headlines copyright © Morningstar. Data delayed 15 minutes unless otherwise indicated. Terms of use