Business

Actions

Uber Hit With $1M In Fines For Covering Up Massive 2016 Data Breach

The Dutch Data Protection Authority and the U.K.'s Information Commissioner's Office say Uber broke their countries' privacy and disclosure laws.
Posted

Uber was fined more than $1 million for failing to disclose a massive data breach in 2016 that affected almost 60 million people around the world.

The Dutch Data Protection Authority fined the company more than $677,000 for violating its data breach regulation. It says the information of 174,000 Dutch citizens was taken.

And the U.K.'s Information Commissioner's Office, or ICO, fined the ride-sharing company more than $491,000 for what it called "a series of avoidable data security flaws" that affected around 2.7 million U.K. customers.

ICO says Uber failed by not informing users of the hack. Instead, Uber later revealed it paid the hackers a $100,000 ransom to delete the files and then covered up the breach.

The ICO's director of investigations said Uber's actions were "not, in our view, an appropriate response to the cyber attack."

Uber has also faced scrutiny in the U.S. for the breach. In September, the company agreed to a $148 million settlement with all 50 states and the District of Columbia.