On the morning of November 28th, according to the US media CNBC report, due to the data breach in 2016, the British and Dutch authorities imposed fines on Uber on Tuesday, with a total fine of 1.17 million US dollars.
In October and November 2016, Uber was attacked by a cyber attack, causing user data to leak. The leaked information includes the user’s full name, email address, and phone number. According to the authorities, 2.7 million Uber users in the UK were affected; in the Netherlands, 174,000 users were affected.
In response, the Office of the Information Commissioner of the United Kingdom (ICO) announced a £385,000 (approximately $491,000) for Uber on the grounds that the company “failed to protect consumer personal information during cyber attacks”. The Dutch Data Protection Agency also imposed a fine of 600,000 euros (about 679,000 US dollars) on the company for the data breach.
Nearly a year after concealing the accident, Uber admitted in November 2017 that hackers had stolen the personal information of 57 million users and drivers worldwide. And, in order to delete data and conceal data breaches, Uber also paid $100,000 to hackers.
Since the cyberattack occurred in 2016, the data breach was not subject to the EU General Data Protection Regulations, which came into force in May this year.
In September, Uber agreed to pay $148 million to US states and Washington, DC to resolve litigation related to data breaches in 2016.
In a statement released on Tuesday, a Uber spokesperson said “the company is willing to cooperate to completely resolve the 2016 data breach.”
The statement states: “After the data breach, and over the years, we have taken a series of technical improvements to improve the security of our systems. Our leadership has also undergone major changes to ensure future compliance with regulators and consumers. Proper transparency.”