[ Nov 28, 2018 ]
Uber has been fined £385,000 after “a series of avoidable data security flaws” allowed hackers to download personal information from 2.7 million customers.
The Information Commissioner’s Office (ICO) found Uber was guilty of a “serious breach” of UK data protection law and showed a “complete disregard” for the customers and drivers whose information was stolen.
Full names, email addresses and phone numbers were obtained during the October and November 2016 attack but Uber did not inform customers or drivers for more than a year. Instead it paid the attackers $100,000 (£78,000) to destroy the information they had downloaded.
The records of almost 82,000 drivers based in the UK – which included details of journeys made and how much they were paid – were also taken during the incident.