Connect with us

Data Breaches Hacker News

Uber Fined $1.1 Million over 2016 Data Breach

Data Breaches Hacker News

Dark Web Marketplace Bidencash Leaks 2 Million Stolen Credit Cards for Free

Data Breaches

77 Million Nitro PDF Records Compromised

Data Breaches

Solarwinds Hackers Achieve End Goal of Acquiring High-Profile Government Targets

Data Breaches

British Airliner EasyJet Victim of Cyber Attack - 9 Million Records Exposed

Data Breaches

Massive Data Breach of Panama Citizens

Data Breaches

Outlook Breach More Expansive than Previously Thought

Data Breaches

Second Toyota Security Breach puts 3.1 Million Consumers at Risk

Data Breaches Hacker News

Korean Crypto Exchange BitHumb Loses $19 Million to Hackers

Data Breaches Hacker News

Major Aluminum Manufacturer Hit With Cyber Attack Stopping Worldwide Production

Data Breaches

Uber Fined $1.1 Million over 2016 Data Breach

Published

5 years ago

on

Uber-Fined-$1.1-Million-over-2016-Data-Breach

On 27 November Dutch and British regulators hit Uber with a $1,170,892 fine. Uber was fined because of a 2016 cyber attack that exposed millions of users’ data.

In 2017 Uber released details of the attack that occurred in 2016. The 2016 attack exposed email addresses, names, and phone numbers of around 57 million users and drivers. Additionally, 600,000 drivers driving license numbers were leaked.

The attack was a stuffing attack on Uber’s cloud storage. Attackers tried different username and password pairs until they hit a match. Uber’s response to the attack has been criticized.

Drivers whose information was compromised were notified and offered free credit monitoring and identity theft protection, however, UK customers who were affected were not notified. This meant millions of British people were vulnerable to other attacks now their information was out there, and they weren’t given the opportunity to take control of their data.

The fine is joint between the UK and the Netherlands, with Britain’s Information Commissioner’s Office (ICO) fining Uber £385,000 ($491,102) and the Dutch Protection Authority (Dutch DPA) fining EUR600,000 ($679,790).  Citizens of both countries were affected by the attack, with information from 3 million British citizens leaked, and 174,000 Dutch citizens.

Uber has reiterated that the breach was limited and other personal information wasn’t leaked. For example trip location history, bank account numbers, social security numbers, credit card numbers and dates of birth were not affected.

It could be argued that Uber got off lightly with the fine they received since the fine was calculated based on the 1998 Data Protection Act, rather than GDPR which only came into effect in May this year. Under GDPR there are two levels of fines, the first is up to €10 million or 2% of the company’s global annual turnover of the previous financial year, whichever is higher. The second is up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever is higher. Enacting these fines would have resulted in a much higher fine for Uber.

Related Topics:

Experienced British technology journalist and online reporter

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *