Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
A hefty fine has been issued over the 2016 Uber cyber attack as a result of security flaws that could have prevented the breach in the first place.
The data for some 2.7m Uber customers in the UK was compromised, as were the records for over 80,000 drivers. The fine, issued by the ICO (Information Commissioner’s Office), is small in comparison to potential GDPR fines. This is because the cyber attack took place in 2016 before the new rules came into force.
Had the cyber attack have happened this year, Uber could have faced fines in the millions.
The Uber cyber attack through the use of a ‘credential stuffing’ attack. Hackers essentially entered username and password combinations into Uber’s cloud storage system until they got a match for an account.
With the use of strong passwords and defences that can prevent multiple access attempts, this would have been an easy attack to have prevented.
Data that was exposed in the Uber cyber attack for some 2.7m customers included their:
The personal records of around 82,000 drivers was also exposed in the attack. Their data that was compromised included information about how they were paid as well.
The punishment issued in the UK for the Uber cyber attack is a fine of £385,000.00 under the old rules prior to GDPR. They have also been hit with fines in the US and elsewhere in Europe as well.
The ICO stated there were “avoidable data security flaws”. In a statement, they said:
“This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen. At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable.”
Controversially, the company tried to pay the attackers off with a bribe which they later claimed was a prearranged security contract. Although companies do hire experts with the skills to hack their systems in efforts for financial rewards, known as “bug bounties”, the Uber cyber attack was not an example of this. An employee attempted to pass it off this way and was subsequently fired.
You may be able to claim compensation as a victim of the 2016 Uber cyber attack. It can depend on what data of yours was compromised, and how it has affected you.
It is two years on since the incident, so if you’ve yet to start a legal case, you should speak to our team as soon as you can.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020