Uber has been handed over a fine of 600,000 Euros by the Dutch Data Prevention Authority, for violating a data breach regulation back in 2016. For the same data breach, United Kingdom’s Information Commissioner’s Office has also slapped a fine of approximately 433,000 Euros on the popular ride-hailing service, taking the total monetary penalty over a million Euros.
According to a report by The Next Web, Uber concealed the above-mentioned data breach, which involved hackers gaining access to personal details (e.g. names, email addresses, and phone numbers) of about 57 million users. By doing so, the ride-sharing company directly violated data laws, which mandate that data breaches must be reported to authorities and concerned subjects (in this case, users) within 72 hours of being discovered. What’s even worse is that the company paid the hackers around $100,000 to delete the compromised data and not reveal any details about the breach.
Quoting United Kingdom’s Information Commissioner’s Office, a Sky News report said that Uber had shown “complete disregard” for the customers, as well as the 82,000 drivers whose personal data was compromised due to the security breach. It further mentioned that a series of “avoidable data security flaws” had allowed customers’ personal details to be accessed and downloaded from a cloud-based storage system operated by Uber in the United States. The report further noted that in the Netherlands, up to 174,000 users were affected by the data breach.