Back in late 2017, Uber came under fire for its security practices after a huge data leak was made public. One hacker had managed to obtain the details of millions of Uber drivers and passengers. Rather than take steps to fix the issue and warn customers, a former Uber executive chose to cover up the breach by paying $100,000 to the hacker. This hasn’t gone down well in the US, with Uber receiving a $148 million fine, and now an additional fine has been handed down here in the UK.
Back in September, we learned that US officials had fined Uber $148 million for the breach, a sum that will be split up between different states based on how many people were affected. Here in the UK, roughly 2.7 million users were compromised, so the Information Commissioner’s Office (ICO) has handed down another fine, which will set Uber back by £385,000.
As you would expect, the ICO was critical of Uber’s security choices, stating that a “series of avoidable security flaws” led to the leak, adding that the company displayed a “complete disregard for the customers and drivers whose personal information was stolen”.
ICO Director of Investigations, Steve Eckersley, finished the press release off by saying: “Paying the attackers and then keeping quiet about it afterwards was not, in our view, an appropriate response to the cyber attack”.
KitGuru Says: These fines aren’t too surprising; after all, the Uber hack was handled terribly. Still, £385,000 does seem to be a little on the low side compared to the punishment handed down in the US.