UK ICO fines Uber £385,000 for 2016 data breach
In November 2018 the UK Information Commissioner's Office fined Uber's European operation £385,000 for inadequate security that permitted a November 2016 data breach affecting nearly 3 million British users and 82,000 drivers. In the 2016 breach, attackers obtained credentials that allowed them to access Uber's cloud servers and download 16 large files that held the records of 35 million Uber users worldwide. These included passengers' full names, phone numbers, email addresses, and sign-up locations. The attackers also accessed the weekly pay and trip summaries of 3.7 million drivers, and in a few cases their driver's licence numbers as well. The ICO said the original attack was compounded by the decision taken by Uber in the US to pay the hackers $100,000 as a "bug bounty" and to keep the breach quiet. Uber US was fined $148 million in September 2018.
Writer: Alex Hern