Skip to main content
close search
site logo
Dive Brief

Uber hit with $1.2M in fines for 2016 data breach

Published Nov. 27, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Uber UK

Dive Brief:

  • Uber was fined a collective $1.17 million by the United Kingdom's Information Commissioner's Office (ICO) and the Dutch Data Protection Authority (Dutch DPA) Tuesday for failing to protect consumers during the ride sharing company's 2016 data breach.
  • The ICO fined 385,000 pounds, the equivalent of about $491,491, after a "series of unavoidable data security flaws" compromised the personal data of about 2.7 million U.K. customers and 82,000 drivers, according to the announcement.
  • The Dutch DPA imposed a fine of 600,000 euro, or about $679,690, because Uber "violated the Dutch data breach regulation" by not reporting the breach to the Dutch DPA and impacted individuals within 72 hours of discovery, according to the announcement.

Dive Insight:

Over the course of the last two years consumers personal data is not safe. Equifax, Uber and Yahoo were among many firms that disclosed massive breaches.

But Uber tried to cover up the breach that compromised 57 million worldwide accounts.

Corporate negligence, intentional or not, is no longer tolerated by watch dogs waiting to hand down fines to companies that abuse consumer data. Uber was able to escape fines that would have been imposed by GDPR had the regulation been implemented sooner. 

ICO's investigation into the breach confirmed credential stuffing, a process bad actors use to inject password and username combinations into websites until a match is uncovered. The hardline approach ICO and the Dutch DPA have taken prove that regulators are more serious than ever when it comes to data transparency.

The tech industry is known for its lack of regulation, and without a set federal privacy law in the U.S., tech companies don't always feel the pain after a breach, unless it hits their bank accounts.

In August, Uber hired a replacement for its chief security officer and indicated the company was facing all the negative press and expected regulations head on.

The company has to work to regain the trust of its customers, but similar to Facebook, even in the wake of a data breach, most users remain loyal.

Recommended Reading

Filed Under: Security, Corporate

Editors' picks

Company Announcements

View all | Post a press release
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell