This article was published on November 27, 2018

Uber fined €1M for 2016 data breach by Dutch and British privacy watchdogs


Uber fined €1M for 2016 data breach by Dutch and British privacy watchdogs Image by: Uber

The Dutch Data Protection Authority (Dutch DPA) just announced it’s imposing a €600,000 fine on Uber and its Dutch subsidiary Uber B.V. for violating Dutch data breach regulation in 2016. Simultaneously, UK’s Information Commissioner’s Office (ICO) declared Uber will be fined £385,000 (around  €433,000) for the same data breach back in 2016.

Uber concealed the 2016 breach for over a year, in which hackers gained access to personal data of 57 million people worldwide, such as names, email addresses, and telephone numbers. The company thereby failed to comply with laws stating it must report data breaches to the authorities and the data subjects within 72 hours after the discovery of the breach.

Instead, the company paid the hackers $100,000 to delete the data and keep the breach quiet. The ICO said Uber had shown “complete disregard” for users and said the breach was cause by “avoidable data security flaws,” according to Sky News.

It’s still unclear whether the two privacy regulators worked together but the Dutch DPA and the ICO announced the Uber fines within moments of each other.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

This isn’t the first time Uber has been fined for its 2016 data breach. Last September the ride-hailing giant was forced to pay $148 million in fines after a settlement in a case of all 50 states against the company.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with


Published
Back to top