Uber hit by £900k fine over hacking complicity

Uber hit by £900k fine over hack failings

Uber has been levied with a £900k fine by British and Dutch regulators over its mishandling of sensitive customer and driver details. The ride-hailing app admitted to both losing the information to hackers and then subsequently trying to cover it up.

In the UK, Uber was fined £385k after the Information Commissioner’s Office (ICO) found that the company had shown a "complete disregard" for customers and staff while an investigation by Dutch authorities resulted in a £532k fine.

ICO director of investigations Steve Eckersley remarked: "This was not only a serious failure of data security on Uber's part, but a complete disregard for the customers and drivers whose personal information was stolen.

"At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable.

"Paying the attackers and then keeping quiet about it afterwards was not, in our view, an appropriate response to the cyber-attack.”

The global scandal affected over 57 million Uber members after their full names, email addresses and phone numbers were stolen by hackers in 2016.

Compounding Uber’s culpability victims remained oblivious for a full year when it was established that Uber had paid the hackers $100k to delete the data rather than own up to the security failure.

Among the haul of data to be lifted from Uber’s cloud-based storage system were records of driver journeys and how much they were paid in the period between October and November 2016.

Uber has already been fined $148m by US regulators over the cover-up.

In the UK, Facebook is combatting its £500,000 Cambridge Analytica ICO fine, with it receiving the maximum fine for its role in the leak. Spurring this was the fact that 87 million profiles harvested for political gain by CA.

Get The Drum Newsletter

Build your marketing knowledge by choosing from daily news bulletins or a weekly special.