Uber Fined Another $1.2 Million for Covering up Personal Data Breach
In 2016, Uber experienced a massive data breach that comprised millions of users' personal information. To make matters worse, the ride-hailing giant tried to coverup that it was attacked by hackers. Now, the company is facing punishment by European authorities for the mishap.
The United Kingdom's Information Commissioner's Office is slapping Uber with a £385,000 fine ($491,284) while the Dutch Data Protection Authority will fine the company €600,000 ($679,257). Both bodies say Uber failed to protect customers' personal data, which included names, email addresses, phone numbers and driver pay records. Uber also faced fines for not reporting the security breach in a timely manner.
There were 2.7 million UK citizens and 174,000 in the Netherlands affected by the breach. In September, Uber agreed with the US government to a $148 million settlement for the breach. After Uber had discovered the breach in 2016, company executives paid the hackers $100,000 to destroy the stolen data of 57 million worldwide users (and drivers) and decided not to report the incident to government authorities.
"This was not only a serious failure of data security on Uber's part, but a complete disregard for the customers and drivers whose personal information was stolen," ICO Director of Investigations Steve Eckersley said, reports CNBC. "At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable."
Uber has hired a new chief privacy officer and chief trust and security officer, fired executives involved in the coverup and implemented a program that encourages employees to report unethical behavior.
An Uber spokesperson told CNBC it was "pleased to close this chapter on the data incident from 2016."
Photo by Ali Balikci/Anadolu Agency/Getty Images.