The Information Commissioner’s Office has warned Uber that it could be facing a massive fine after the firm admitted it had concealed a huge data breach from both customers and regulators by paying $100,000 (£75,000) to hackers to delete the data.
The breach, which affects about 57 million people and 7 million drivers, includes details such as names, email addresses and mobile phone numbers.
Within that number, 600,000 drivers had their names and licence details exposed. But while drivers have been offered free credit monitoring protection, affected customers will not be given the same.
ICO deputy commissioner James Dipple-Johnstone said: “Uber’s announcement about a concealed data breach last October raises huge concerns around its data protection policies and ethics.
“It’s always the company’s responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers. If UK citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed.
“We’ll be working with the National Cyber Security Centre and the National Crime Agency plus other relevant authorities in the UK and overseas to determine the scale of the breach, how it has affected people in the UK and what steps need to be taken by the firm to ensure it fully complies with its data protection obligations. Deliberately concealing breaches from regulators and citizens could attract higher fines for companies.”
Tesco braced for fall-out from Clubcard deal with Uber
Tesco relaunches Clubcard as Uber joins partner scheme
Uber sues Fetch Media over ‘non-existent’ online ads
Finance firms face sustained attack on their data vaults
FCA launches investigation into Equifax breach farce
Millions of Instagram users hit by major hack attack
Data breach at games giant CeX hits 2m customers
Data breaches ‘hit shares, sales and growth for years’