The U.K. Information Commissioner’s Office and the Dutch data protection authority, the Autoriteit Persoonsgegevens, have both fined Uber for violations related to its 2016 data breach. The Dutch DPA fined the ride-hailing company 600,000 euros for its failure to report the breach to the agency and affected data subjects within 72 hours after the incident was discovered. The ICO issued a 385,000 GBP penalty after it discovered Uber did not fix the security vulnerabilities hackers eventually exploited. “This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen,” ICO Director of Investigations Steve Eckersley said. “At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support.”
If you want to comment on this post, you need to login.