Uber Fined £385,000 For Data Breach Affecting Millions Of PassengersNovember 28, 2018Cyber Security
Yes, the Information Commissioner Office has announced that Uber’s European operations have been fined for £385,000 for an incident happened in November 2016, where attackers hacked the cloud servers and downloaded 16 large files containing data of almost 3 million British users, and 3.7 million users worldwide.
The hacked records include passengers’ full names, phone numbers, email addresses, and the location where they had signed up.
The ICO said: The breach was caused by lack of information security, and Uber US’s have to pay a ‘bug bounty’ of $100,000 to the hackers instead of disclosing the attack.
However, this ‘bug bounty’ was not legitimate because the amount was paid to outside attackers not according to the normal operation of its bug bounty programme. None of the affected individuals is notified, and they began monitoring accounts for fraud after 12 months.
In a statement, Uber said “We’re pleased to close this chapter on the data incident from 2016. As we shared with European authorities during their investigations, we’ve made a number of technical improvements to the security of our systems both in the immediate wake of the incident as well as in the years since”.