Fine issued for Uber cyber attack
uber data breach

Fine issued for Uber cyber attack

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

A hefty fine has been issued over the 2016 Uber cyber attack as a result of security flaws that could have prevented the breach in the first place.

The data for some 2.7m Uber customers in the UK was compromised, as were the records for over 80,000 drivers. The fine, issued by the ICO (Information Commissioner’s Office), is small in comparison to potential GDPR fines. This is because the cyber attack took place in 2016 before the new rules came into force.

Had the cyber attack have happened this year, Uber could have faced fines in the millions.

How the Uber cyber attack happened

The Uber cyber attack through the use of a ‘credential stuffing’ attack. Hackers essentially entered username and password combinations into Uber’s cloud storage system until they got a match for an account.

With the use of strong passwords and defences that can prevent multiple access attempts, this would have been an easy attack to have prevented.

Data exposed in the Uber cyber attack

Data that was exposed in the Uber cyber attack for some 2.7m customers included their:

  • Names;
  • Addresses;
  • Email addresses;
  • Telephone numbers.

The personal records of around 82,000 drivers was also exposed in the attack. Their data that was compromised included information about how they were paid as well.

Punishments issued for the Uber cyber attack

The punishment issued in the UK for the Uber cyber attack is a fine of £385,000.00 under the old rules prior to GDPR. They have also been hit with fines in the US and elsewhere in Europe as well.

The ICO stated there were “avoidable data security flaws”. In a statement, they said:

“This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen. At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable.”

Controversially, the company tried to pay the attackers off with a bribe which they later claimed was a prearranged security contract. Although companies do hire experts with the skills to hack their systems in efforts for financial rewards, known as “bug bounties”, the Uber cyber attack was not an example of this. An employee attempted to pass it off this way and was subsequently fired.

Can you claim compensation as a victim of the Uber cyber attack?

You may be able to claim compensation as a victim of the 2016 Uber cyber attack. It can depend on what data of yours was compromised, and how it has affected you.

It is two years on since the incident, so if you’ve yet to start a legal case, you should speak to our team as soon as you can.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon