Slashdot Mirror
Uber Fined Nearly $1.2 Million By Dutch, UK Over 2016 Data Breach (cnbc.com)
British and Dutch authorities fined Uber a combined $1.17 million for a 2016 data breach that exposed the personal details of millions of customers. "The U.K.'s Information Commissioner's Office (ICO) announced a $491,284 fine against the ride-sharing company for 'failing to protect customers' personal information during a cyber attack' in October and November of 2016," reports CNBC. "The Dutch Data Protection Authority imposed its own $679,257 penalty for the same incident." From the report: The 2016 cyberattack allowed hackers to access the personal details, including full names, email addresses and phone numbers, of 2.7 million Uber customers in the U.K. and 174,000 in the Netherlands, authorities said. The U.K.'s ICO said the cyberattack represented a "serious breach" of the country's Data Protection Act of 1998 by exposing customers and drivers to increased risk of fraud. The Dutch regulator said it was fining Uber because it did not report the breach within the country's mandated 72-hour window.
In September, Uber agreed to pay $148 million to settle claims related to the 2016 data breach to states across the U.S. and Washington, D.C. In a statement Tuesday, an Uber spokesperson said the company is "pleased to close this chapter on the data incident from 2016."
In September, Uber agreed to pay $148 million to settle claims related to the 2016 data breach to states across the U.S. and Washington, D.C. In a statement Tuesday, an Uber spokesperson said the company is "pleased to close this chapter on the data incident from 2016."
Brittan going dutch on their fines with Holland ?
*ducks
errr....umm...*whooosh* *whoosh* Is this thing on ?
not bad, i'm sure they've made way more off it anyway
... seen this?
Uber Technologies Inc. has been told by banks that it could be a $120 billion company when it goes public.
It little behooves the best of us to comment on the rest of us.
Both the UK and the Netherlands fined Uber based on what pre-GDPR legislation allowed, because the GDPR only became effective earlier this year and the data breach happened in 2016. Under the GDPR maximum fine in both countries would have been 20 million euros or 4% of the worldwide annual turnover, whichever is greater. Don't expect the fine to be this low the next time this happens.
Do you avoid using Uber because you expect them to expose customer data to the world or do you have different reasons? There will be other companies you do buy goods or services from. Do you expect them to expose your personal data to the world, or do you avoid doing business with anybody because you value your privacy?
European privacy legislation is an attempt to restrict companies and other organizations to use personal data only for the purposes for which you gave them that data, and to be transparent about it. The Dutch data protection officer over the years in most cases hasn't issued fines or penalties but warned organizations to get their act together. Fines and penalties are generally only used when they fail to do so. I'm not sure if this approach will change under the GDPR, but that is what I've seen so far.
Uber fucked up badly because they tried to cover up a serious breach. That is why they were fined.
Who is Dutch, UK? And why does Dutch, UK have the authority to issue fines?
I read the headline as $1.2 BILLION and I thought that was appropriate.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
The next time what happens? Trying to hide a breach, or failing to magically stop an unknown attack by motivated thieves?
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
They weren’t fined for the breach but for failure to disclose it.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...