Skip to main content

Uber Gets Hefty Fine From The EU For Data Breach 

By December 11, 2018June 2nd, 2022Cybersecurity

In recent years we’ve seen several companies suffer from hacks of various magnitudes. Over time, we’ve witnessed the growth of what could be described as best practices in terms of how to respond.

The typical arc goes something like this:

The hack is discovered.  Immediately thereafter, the company discloses the pertinent details about the hack, including the number of users impacted, and specifics on what data was compromised.  They apologize, tighten up their processes, and often pay for a year (or more) of free credit monitoring for users who were affected by the breach.

All they while, they’re working with law enforcement to get to the bottom of who hacked them in order to bring the perpetrators to justice.  That’s not the path Uber chose to take when they were hacked two years ago.

Instead, when the hackers contacted Uber and demanded $100,000 to reveal how they compromised Uber’s system, the company quietly paid up, and said the payment was a very large bug bounty.  A year later, the company informed the users who had their data compromised.

Needless to say, that’s fairly far removed from the established best practices. When the details came to light, the EU took action.

Recently, the UK’s ICO (Information Commissioner’s Office) and its data protection authority in the Netherlands both announced a decision to fine Uber for the disclosure delay. The UK fine amounted to £385,000 and the fine from the Netherlands amounted to €600.000.

In all, the breach impacted some 2.7 million users in the UK and nearly 200,000 in the Netherlands.

A spokesman from the Information Commissioner’s Office had this to say about the matter: “The incident, a serious breach of principle seven of the Data Protection Act 1998 had the potential to expose the customers and drivers affected to increased risk of fraud.”

Ultimately, the fines amount to little more than a slap on the wrist.  Uber got off easy in that regard, but hopefully, the slap was hard enough that should another such incident occur, they’ll choose to handle it very differently.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.