Uber has been fined £385,000 following a huge data breach affecting 2.7 million UK customers in 2016, which saw the full names, addresses and phone numbers of users stolen by hackers.
In a statement, the Information Commissioner’s Office attributed the breach to ‘avoidable data security flaws’ on Uber’s part, which amounted not only to a ‘serious failure of data security’ but also to a ‘disregard for the customers and drivers whose personal information was stolen’.
In addition to the fine received in the UK, Uber has also been fined 600,000 euros (equivalent to £532,000) by the data regulator in Holland, as the breach also affected 174,000 Dutch customers. In the US, Uber was required to pay an astounding $148m to settle federal charges against the company.
In response to the breach, Uber paid hackers $100,000 to destroy the data that had been stolen. According to reports, Uber did not alert customers that their data had been affected, nor did the company provide support to those affected, who were at a significantly increased risk of fraud as a result.
How has Uber reacted to the breach?
Since the breach two years ago, Uber has transformed the way in which it handles customer data, with new roles created for a chief privacy officer and a data protection head, both of whom now oversee day-to-day operations with regard to data.
Appropriate data protection procedures are vital for all businesses across the globe. With GDPR now in force, businesses could face significant fines should they be found to be in breach of regulations, which could ultimately hinder their ability to continue operating.
Ensure your data is protected securely with effective cyber security procedures in place. Contact the team at MWL Systems to find out how we can help to keep your business running efficiently and compliantly.