Proactive Investors - Run By Investors For Investors

Uber fined £385,000 for letting hackers steal data on 2.7mln UK customers in 2016

The UK Information Commissioner's Office said the cyber attack – which saw full names, addresses and phone numbers of users stolen – happened because of "avoidable data security flaws”
Cyberattack
Uber has also been fined €600,000 (£532,000) by data regulators in the Netherlands over the same breach, which also affected 174,000 Dutch customers

The UK Information Commissioner's Office (ICO) has fined privately-owned ride-hailing app group Uber Technologies £385,000 for letting hackers steal data on 2.7mln UK customers.

The ICO said the 2016 cyber-attack – which saw full names, addresses and phone numbers of users stolen – happened because of "avoidable data security flaws”.

READ: Uber reports higher 3Q revenue, but losses increase as company eyes 2019 IPO

Uber has also been fined €600,000 (£532,000) by data regulators in the Netherlands over the same breach, which also affected 174,000 Dutch customers.

The records of almost 82,000 drivers based in the UK – which included details of journeys made and how much they were paid – were also taken during the incident in October and November 2016.

The ICO investigation found ‘credential stuffing’, a process by which compromised username and password pairs are injected into websites until they are matched to an existing account, was used to gain access to Uber’s data storage.

However, the customers and drivers affected were not told about the incident for more than a year. Instead, Uber paid the attackers responsible $100,000 to destroy the data they had downloaded.

Steve Eckersley, ICO Director of Investigations said: "This was not only a serious failure of data security on Uber's part but a complete disregard for the customers and drivers whose personal information was stolen.”

He added: “Paying the attackers and then keeping quiet about it afterwards was not, in our view, an appropriate response to the cyber attack.

“Although there was no legal duty to report data breaches under the old legislation, Uber’s poor data protection practices and subsequent decisions and conduct were likely to have compounded the distress of those affected.”

The details on the 2.7mln UK customers were part of a massive cache of information on 57mln people taken by the hacker group in October and November 2016.

Uber has paid $148mln to settle US Federal charges over the 2016 breach.

View full UBER profile View Profile

Uber Technologies Inc Timeline

Article
April 12 2019

Related Articles

Internet address bar
Fri
In a February trading update, the firm said it had delivered a “strong” performance in 2018 with revenues for the year expected to be around £42.5mln compared to £24.3mln the year before
Rail car on a track
July 26 2018
The US has more than 1.5 million freight cars and Duos Technologies has found a faster and innovative way to safely maintain them
Big Data
May 20 2019
The company provides data management and analytics services through RAPid, a platform that automatically extracts, aggregates, improves and organises data and documents

© Proactive Investors 2019

Proactive Investors Limited, trading as “Proactiveinvestors United Kingdom”, is Authorised and regulated by the Financial Conduct Authority.
Registered in England with Company Registration number 05639690. Group VAT registration number 872070825 FCA Registration number 559082. You can contact us here.

Market Indices, Commodities and Regulatory News Headlines copyright © Morningstar. Data delayed 15 minutes unless otherwise indicated. Terms of use