France’s data protection authority, the CNIL, has fined Uber 400,000 euros for its 2016 data breach. An investigation by the CNIL found the breach could have been avoided had the ride-hailing company implemented basic security measures. The agency cited Uber’s failure to implement stronger authentication measures to protect identifiers located on Github and a lack of encryption as reasons for the penalty. The CNIL’s ruling comes after the U.K. Information Commissioner’s Office and the Dutch data protection authority, the Autoriteit Persoonsgegevens, both administered penalties for the Uber breach. (Original article is in French.) Editor's Note: The IAPP will be hosting its first-ever dual-lingual event with the Data Protection Intensive: France 2019 that will take place Feb. 12–13 in Paris.
If you want to comment on this post, you need to login.