Yes, the Information Commissioner Office has announced that Uber’s European operations have been fined for £385,000 for an incident that happened in November 2016, where attackers hacked the cloud servers and downloaded 16 large files containing data of almost 3 million British users, and 3.7 million users worldwide.
The hacked records include passengers’ full names, phone numbers, email addresses, and the location where they had signed up.
The ICO said: The breach was caused by a lack of information security, and Uber US’s have to pay a ‘bug bounty’ of $100,000 to the hackers instead of disclosing the attack.
However, this ‘bug bounty’ was not legitimate. Because the amount paid to outside attackers not according to the normal operation of its bug bounty program. None of the affected individuals is notified, and they began monitoring accounts for fraud after 12 months.
In a statement, Uber said “We’re pleased to close this chapter on the data incident from 2016. As shared with European authorities during investigations, we’ve made a number of technical improvements to the security of our systems. The improvements made in the immediate wake of the incident as well as in the years since”.