Uber Chief Executive Dara Khosrowshahi will have a lot to contend with this week as the business lands a hefty £350,000 fine for the UK data breach.
The Information Commissioner’s Office (ICO) says “avoidable data security flaws” allowed hackers to access the personal information of 2.7 million UK Uber users, including their full name, email address and phone numbers.
To cover their tracks ‘Uber paid the attackers $100,000 to destroy the data they had downloaded’ alongside this, customers were not made aware of the data breach, a costly mistake for the taxi firm.
Although this data breach took place before GDPR came into force in May 2018, ‘it is a serious breach of the Data Protection Act 1998’. Any subsequent data breach that took place after May 2018 could land the firm a fine of £17.8 million or 4% of global turnover. This could equate to billions for the largest technology companies.
The fine is a drop in the ocean to the $6.5 billion turn over in 2017 for Uber, however the sense of deception will linger for customers.
“This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen," said ICO Director of Investigations Steve Eckersley.
Protecting your data is more important now than ever as data breaches become a serious risk to companies of all sizes.
Chess have been focusing on penetration testing (pen testing) for customers this November. In short, a ‘Pen Test’ is a security exercise where our cybersecurity experts find and exploit vulnerabilities in your computer system highlighting the proposed risks to your company. Interested in a pen test?