Reading:
Fine issued for Uber cyber attack
Share:
uber data breach

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Fine issued for Uber cyber attack

A hefty fine has been issued over the 2016 Uber cyber attack as a result of security flaws that could have prevented the breach in the first place.

The data for some 2.7m Uber customers in the UK was compromised, as were the records for over 80,000 drivers. The fine, issued by the ICO (Information Commissioner’s Office), is small in comparison to potential GDPR fines. This is because the cyber attack took place in 2016 before the new rules came into force.

Had the cyber attack have happened this year, Uber could have faced fines in the millions.

How the Uber cyber attack happened

The Uber cyber attack through the use of a ‘credential stuffing’ attack. Hackers essentially entered username and password combinations into Uber’s cloud storage system until they got a match for an account.

With the use of strong passwords and defences that can prevent multiple access attempts, this would have been an easy attack to have prevented.

Data exposed in the Uber cyber attack

Data that was exposed in the Uber cyber attack for some 2.7m customers included their:

  • Names;
  • Addresses;
  • Email addresses;
  • Telephone numbers.

The personal records of around 82,000 drivers was also exposed in the attack. Their data that was compromised included information about how they were paid as well.

Punishments issued for the Uber cyber attack

The punishment issued in the UK for the Uber cyber attack is a fine of £385,000.00 under the old rules prior to GDPR. They have also been hit with fines in the US and elsewhere in Europe as well.

The ICO stated there were “avoidable data security flaws”. In a statement, they said:

“This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen. At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable.”

Controversially, the company tried to pay the attackers off with a bribe which they later claimed was a prearranged security contract. Although companies do hire experts with the skills to hack their systems in efforts for financial rewards, known as “bug bounties”, the Uber cyber attack was not an example of this. An employee attempted to pass it off this way and was subsequently fired.

Can you claim compensation as a victim of the Uber cyber attack?

You may be able to claim compensation as a victim of the 2016 Uber cyber attack. It can depend on what data of yours was compromised, and how it has affected you.

It is two years on since the incident, so if you’ve yet to start a legal case, you should speak to our team as soon as you can.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon