
UK fine against Uber for 2016 data breach would be 200 times bigger in 2018

Filip TRUȚĂ

November 28, 2018


Uber’s widely publicized data leak from two years ago has finally resulted in a fine from the UK Information Commissioner’s Office. The penalty would have been 203 times the amount had the leak occurred this year, after the GDPR took effect in May.

“The Information Commissioner’s Office (ICO) has fined ride sharing company Uber £385,000 for failing to protect customers’ personal information during a cyber attack,” reads the announcement. In US dollars, that figure translates into around $492,000.

As readers may remember, a series of flaws in Uber’s servers let hackers steal personal data of 2.7 million UK customers, as well as the records of almost 82,000 British drivers. The leak exposed full names, email addresses, phone numbers, journey info and even payment data. An investigation revealed that attackers used “credential stuffing” to access the data. As its name implies, the process involves “stuffing” credentials (leaked from a previous breach) into websites until they match existing accounts.

The ICO isn’t upset about the breach itself so much as it’s upset over Uber’s poor judgement in secretly paying the attackers money to have the data destroyed, a decision that made the case so controversial. Furthermore, those affected by the breach were not told about the incident until after a full year had passed. Whenever a company is breached, rapid disclosure is imperative so customers can take steps to protect themselves against fraud.

“This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen. At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable,” said ICO Director of Investigations Steve Eckersley.

“Paying the attackers and then keeping quiet about it afterwards was not, in our view, an appropriate response to the cyber attack. Although there was no legal duty to report data breaches under the old legislation, Uber’s poor data protection practices and subsequent decisions and conduct were likely to have compounded the distress of those affected,” Eckersley added.

The Netherlands has also fined Uber €600,000 through its local data protection authority, Autoriteit Persoonsgegevens.

Under the new General Data Protection Regulation, this blunder would have landed Uber a fine in the vicinity of 100 million US dollars (around £78 million) calculated at 4% of its last annual turnover of $2.7 billion. But because the breach occurred in the pre-GDPR era, the ICO has fined Uber close to the maximum penalty under the then-applicable 1996 Data Protection Act (DPA).

The ICO did the same last month when it fined Facebook the measly sum of £500,000 for the immensely controversial Cambridge Analytica scandal that was said to have helped Russia interfere with US elections. And a month earlier, the same fine was issued to Equifax for its monumental 2017 breach that resulted in exposure of 147 million customer records, the firing of two company executives overnight, and the sullying of its image beyond repair.
