Uber Fined Nearly $1.2 Million By Dutch, UK Over 2016 Data Breach (cnbc.com)

← Back to Stories (view on slashdot.org)

Uber Fined Nearly $1.2 Million By Dutch, UK Over 2016 Data Breach (cnbc.com)

Posted by BeauHD on Tuesday November 27, 2018 @01:40PM from the time-to-pay-up dept.

British and Dutch authorities fined Uber a combined $1.17 million for a 2016 data breach that exposed the personal details of millions of customers. "The U.K.'s Information Commissioner's Office (ICO) announced a $491,284 fine against the ride-sharing company for 'failing to protect customers' personal information during a cyber attack' in October and November of 2016," reports CNBC. "The Dutch Data Protection Authority imposed its own $679,257 penalty for the same incident." From the report: The 2016 cyberattack allowed hackers to access the personal details, including full names, email addresses and phone numbers, of 2.7 million Uber customers in the U.K. and 174,000 in the Netherlands, authorities said. The U.K.'s ICO said the cyberattack represented a "serious breach" of the country's Data Protection Act of 1998 by exposing customers and drivers to increased risk of fraud. The Dutch regulator said it was fining Uber because it did not report the breach within the country's mandated 72-hour window.

In September, Uber agreed to pay $148 million to settle claims related to the 2016 data breach to states across the U.S. and Washington, D.C. In a statement Tuesday, an Uber spokesperson said the company is "pleased to close this chapter on the data incident from 2016."

30 comments

Min score:

Reason:

Sort:

Nearly 1.2 Nothings by Anonymous Coward · 2018-11-27 13:46 · Score: 0

Weak
1. Re:Nearly 1.2 Nothings by Anonymous Coward · 2018-11-27 18:48 · Score: 1
  
  Both the UK and the Netherlands fined Uber based on what pre-GDPR legislation allowed, because the GDPR only became effective earlier this year and the data breach happened in 2016. Under the GDPR maximum fine in both countries would have been 20 million euros or 4% of the worldwide annual turnover, whichever is greater. Don't expect the fine to be this low the next time this happens.
2. Re:Nearly 1.2 Nothings by Impy+the+Impiuos+Imp · 2018-11-28 02:19 · Score: 1
  
  The next time what happens? Trying to hide a breach, or failing to magically stop an unknown attack by motivated thieves?
  
  --
  (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
3. Re:Nearly 1.2 Nothings by JaredOfEuropa · 2018-11-28 05:34 · Score: 1
  
  They weren’t fined for the breach but for failure to disclose it.
  
  --
  If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
BEWARE THE DUTCH by Anonymous Coward · 2018-11-27 13:48 · Score: 0

Because that have a lot of dykes who will kick your ass!
LOL by Archfeld · 2018-11-27 14:02 · Score: 1

Brittan going dutch on their fines with Holland ?
*ducks

--
errr....umm...*whooosh* *whoosh* Is this thing on ?
1. Re:LOL by Anonymous Coward · 2018-11-27 14:45 · Score: 0
  
  Fine was cheap and cost effective like Ford's exploding fuel tanks. Employing a dozen or more so called security people may not have prevented it anyway. So go lean, and pay up(tax deductible) if caught. Do we know why the breach occurred? Because if it was uptime uptime over security, the problem remains if uptime trumps fully patched.
2. Re: LOL by Anonymous Coward · 2018-11-27 14:56 · Score: 0
  
  Brittan going dutch on their fines with Holland ?
  Huh?
  This is about the Netherlands, not Holland. If you said The Hague then that joke might have made sense.
3. Re: LOL by Anonymous Coward · 2018-11-27 15:12 · Score: 0
  
  He also spelled it Brittan so ya know...
4. Re: LOL by Anonymous Coward · 2018-11-27 18:38 · Score: 0
  
  Holland is part of the Netherlands (two provinces in the west are called Noord-Holland and Zuid-Holland; Den Haag is in Zuid-Holland) and even the Dutch themselves often enough informally refer to the Netherlands as Holland.
  Are you strict about what The Netherlands should be called or are you perhaps thinking of the Swedish island called Oland?
5. Re:LOL by arglebargle_xiv · 2018-11-27 21:44 · Score: 1
  
  the problem remains if uptime trumps fully patched.
  How would you full patch trump? I mean, he's been toupeed, but how would you patch him?
6. Re: LOL by Anonymous Coward · 2018-11-28 00:27 · Score: 0
  
  LOL, you're a funny libtard. How about some migrant caravan jokes? I guess they don't like the beaches and food in Baja California, Mexico. Run away from the pina coladas! Fake news says you want a better life of expensive housing and mandated insurances. Woohoo for litbtard Kalifornia, USA! Haha hehe
7. Re:LOL by Impy+the+Impiuos+Imp · 2018-11-28 02:08 · Score: 1
  
  Orange man unpatched! >:-(
  
  --
  (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
8. Re: LOL by Archfeld · 2018-11-28 10:49 · Score: 1
  
  Dang... I missed that thanks for pointing that out. In such a hurry to make a bad joke I misspelled a very basic word.
  
  --
  errr....umm...*whooosh* *whoosh* Is this thing on ?
so $0.43 for each person's data by Anonymous Coward · 2018-11-27 14:08 · Score: 1

not bad, i'm sure they've made way more off it anyway
1. Re:so $0.43 for each person's data by Actually,+I+do+RTFA · 2018-11-27 19:37 · Score: 1
  
  Note that this breach happened in 2016. Both the Netherlands and Britain have dramatically increased the maximum fines since then. If that happened today there would be a few more zeros on that fine.
  
  --
  Your ad here. Ask me how!
vs MPAA by Anonymous Coward · 2018-11-27 14:09 · Score: 0

If the user data had been shared music files the MPAA would have been seeking BILLIONS and a significant prison sentence.
The fact that personal data is worth so much less than a music track is just disgusting.
When and only when these people loose everything and do hard time in jail will they actually give a damn.
Without people, Corporations are nothing
Without Corporations, people are still people.
Wow, Have you ... by CaptainDork · 2018-11-27 15:11 · Score: 1

... seen this?

Uber Technologies Inc. has been told by banks that it could be a $120 billion company when it goes public.

--
It little behooves the best of us to comment on the rest of us.
1. Re:Wow, Have you ... by Anonymous Coward · 2018-11-27 20:41 · Score: 0
  
  Im thinking how many billions were lost through now near worthless taxi licences/medalions and how countries buckled under ISDS pressure. Mostly state gov /city revenue was the looser here.
  Anyways there are dozens of uber style rip-offs, and the killer is EXCLUSIVITY of employment is now dead. I saw one car with three car-hire tags on back window. If car pooling becomes legal anytime, valuations will drop.
2. Re:Wow, Have you ... by Impy+the+Impiuos+Imp · 2018-11-28 02:10 · Score: 1
  
  I saw a driver pick up an Uber Eats delivery at a take out, then get into his pretty green Lyft car to go deliver it.
  
  --
  (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
3. Re:Wow, Have you ... by CaptainDork · 2018-11-28 04:04 · Score: 1
  
  Yeah, I see your point. Talk about disruptive!
  This goes to taxing robots that replace humans.
  
  --
  It little behooves the best of us to comment on the rest of us.
4. Re:Wow, Have you ... by CaptainDork · 2018-11-28 04:06 · Score: 1
  
  That driver is only interested in money!
  No company loyalty.
  Oh, wait ...
  
  --
  It little behooves the best of us to comment on the rest of us.
Re:These fines just another way to steal from peop by Anonymous Coward · 2018-11-27 19:24 · Score: 3, Insightful

Do you avoid using Uber because you expect them to expose customer data to the world or do you have different reasons? There will be other companies you do buy goods or services from. Do you expect them to expose your personal data to the world, or do you avoid doing business with anybody because you value your privacy?
European privacy legislation is an attempt to restrict companies and other organizations to use personal data only for the purposes for which you gave them that data, and to be transparent about it. The Dutch data protection officer over the years in most cases hasn't issued fines or penalties but warned organizations to get their act together. Fines and penalties are generally only used when they fail to do so. I'm not sure if this approach will change under the GDPR, but that is what I've seen so far.
Uber fucked up badly because they tried to cover up a serious breach. That is why they were fined.
Dutch, UK? by skovnymfe · 2018-11-27 23:28 · Score: 2

Who is Dutch, UK? And why does Dutch, UK have the authority to issue fines?
1. Re:Dutch, UK? by Anonymous Coward · 2018-11-28 01:02 · Score: 0
  
  Uk is the Dutch word for toddler. Of course toddlers can issue fines, they can even become president in some countries.
2. Re:Dutch, UK? by RockDoctor · 2018-11-29 13:13 · Score: 1
  
  why does Dutch, UK have the authority to issue fines?
  The UK has nuclear weapons. Some of them are probably in United States (or Canada) territorial waters, with sufficient range to hit many (most) million plus cities in the contiguous US. Is that sufficient reason. (I assume that the Trumpian concept that "international law has no meaning" has already been hung from a tree in the finest lynching style. TrÃs American!)
  
  --
  Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
million by fluffernutter · 2018-11-28 01:12 · Score: 1

I read the headline as $1.2 BILLION and I thought that was appropriate.

--
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
Good luck by Anonymous Coward · 2018-11-28 15:53 · Score: 0

Best wishes EU, try not to hold your breath while you're waiting for that cheque to roll in.