It seems like everyone’s past eventually comes back to haunt them. Uber is no exception to this rule. The cab-hailing company was fined 600,000 euros for violating Dutch data breach regulation in 2016. Uber’s Dutch subsidiary, Uber B.V., was also fined.
If you thought this was the end of Uber’s misery, you are mistaken. The UK’s Information Commissioner’s Office (ICO) declared Uber would be fined £385,000 (approximately €433,000) for the same data breach back in 2016.
Uber hid the security breach from the public for over a year. The massive breach exposed the personal data of more than 57 million people across the globe. Hackers gained access to users’ names, telephone numbers, and email addresses.
Uber, therefore, broke the rule by not reporting the breach to the authorities and victims within 72 hours of discovering the hack. The most surprising bit about this whole fiasco was yet to come. Uber, instead of trying to recover the data, paid hackers $100,000 to shut them up.
According to Sky News, the Information Commissioner’s Office said Uber had been pretty reckless in the way it had handled the mess. The ICO stated that Uber had shown “complete disregard” for users and said the breach was caused by “avoidable data security flaws.”
It is unclear whether the British and Dutch agencies worked together to bring Uber to justice. It is quite peculiar, though, since both fines came within moments of each other. This isn’t the first time Uber was fined for its malfeasance.
Uber was forced to pay $148 million in fines last September. That settlement was reached between the cab-hailing company and all 50 states. The hack was caused by insufficient and inadequate security measures. Uber drivers were affected in this breach as well.
Around 3.7 million drivers were affected by the hack, including 82,000 from the United Kingdom. The personal data stolen from drivers included driver licenses, weekly pay, and trip summaries. Luckily, there were just a few cases in which driver licenses were stolen.
Uber clearly broke the law because it didn’t notify anyone and only started looking into the matter twelve months after the attacks had started. The hack’s timing spared Uber from paying a high fine.
The fine was issued under the old Data Protection Act 1998, which meant the maximum fine imposed on Uber could not exceed 500,000 British pounds. If the fine had been handed out under the DPA 2018, it would have been much higher.
It could have been valued at 4% of Uber’s global revenue. It seems Uber has gotten off scot-free from this whole catastrophe, apart from the fine. The company didn’t have much to lose, at least for the moment. Uber has other competitors in the Middle East, such as Careem, but in the US and Canada Uber reigns supreme.
Lyft is gaining on Uber every day now. Lyft offers better prices for both its drivers and passengers. Lyft’s surcharges are less than Uber’s, generally speaking. With this mega security blunder, it can be expected that more and more users will start opting for Lyft instead of Uber.