Want to keep the TNW Conference vibe going?? Tickets for TNW2022 are available now >>

The heart of tech

This article was published on November 27, 2018

Uber fined €1M for 2016 data breach by Dutch and British privacy watchdogs

Uber fined €1M for 2016 data breach by Dutch and British privacy watchdogs
Már Másson Maack
Story by

Már Másson Maack

Editor, Growth Quarters by TNW

Már tries to juggle his editorial duties with writing the occasional weird article. He also loves talking about himself in the third person. Már tries to juggle his editorial duties with writing the occasional weird article. He also loves talking about himself in the third person.

The Dutch Data Protection Authority (Dutch DPA) just announced it’s imposing a €600,000 fine on Uber and its Dutch subsidiary Uber B.V. for violating Dutch data breach regulation in 2016. Simultaneously, UK’s Information Commissioner‘s Office (ICO) declared Uber will be fined £385,000 (around  €433,000) for the same data breach back in 2016.

Uber concealed the 2016 breach for over a year, in which hackers gained access to personal data of 57 million people worldwide, such as names, email addresses, and telephone numbers. The company thereby failed to comply with laws stating it must report data breaches to the authorities and the data subjects within 72 hours after the discovery of the breach.

Instead, the company paid the hackers $100,000 to delete the data and keep the breach quiet. The ICO said Uber had shown “complete disregard” for users and said the breach was cause by “avoidable data security flaws,” according to Sky News.

It’s still unclear whether the two privacy regulators worked together but the Dutch DPA and the ICO announced the Uber fines within moments of each other.

This isn’t the first time Uber has been fined for its 2016 data breach. Last September the ride-hailing giant was forced to pay $148 million in fines after a settlement in a case of all 50 states against the company.

Also tagged with