Uber was hit with a pair of fines by British and Dutch regulators Tuesday for its failure to protect customer data during a 2016 breach.
The UK Information Commissioner’s Office (ICO) fined the ride-hailing service £385,000 ($490,760), and the Netherlands’ Data Protection Authority imposed a 600,000 euro ($678,780) penalty.
In October 2016, hackers stole the personal information of riders and drivers in multiple countries by breaching Uber’s system. Uber paid $100,000 to the data thieves to delete the information, which didn’t include Social Security numbers of US citizens or credit card information.
The breach impacted 2.7 million British and 174,000 Dutch riders and drivers, according to the two governments.
“This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen,” Steve Eckersley, ICO’s director of investigations, said in a statement. “At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable.”
Since the breach occurred prior to the introduction of the General Data Protection Regulation (GDPR) in May, both fines were issued under old legislation. GDPR, the EU law that gives citizens more control over their personal data, allows for a maximum fine of 20 million euros or 4 percent of a company’s annual global revenue from the previous year, whichever is higher.
Source: cnet.com