Uber has been fined £385,000 by the UK Information Commissioner’s Office (ICO) for a security failure back in 2016.
The taxi-app company was fined for failing to protect the data of 2.7 million UK customers in a 2016 cyber-attack.
At the time of the cyber-attack, Uber paid hackers $100,000 (£78,400) to retrieve the stolen customer data.
Concurrently, the firm was also fined €600,000 (£532,000) by regulators in Holland over the same incident, which compromised the data of 174,000 Dutch customers.
Uber had previously paid out $148 million to settle charges over the 2016 cyber-attacks in the U.S.
Steve Eckersley, director of investigations at the ICO, commented: “This was not only a serious failure of data security on Uber’s part but a complete disregard for the customers and drivers whose personal information was stolen.”
The ICO said: “Uber US did not follow the normal operation of its bug bounty programme. In this incident Uber US paid outside attackers who were fundamentally different from legitimate bug bounty recipients: instead of merely identifying a vulnerability and disclosing it responsibly, they maliciously exploited the vulnerability and intentionally acquired personal information relating to Uber users.”
In a statement, the company said: “We’re pleased to close this chapter on the data incident from 2016. As we shared with European authorities during their investigations, we’ve made a number of technical improvements to the security of our systems both in the immediate wake of the incident as well as in the years since.”
“We’ve also made significant changes in leadership to ensure proper transparency with regulators and customers moving forward. Earlier this year we hired our first chief privacy officer, data protection officer, and a new chief trust and security officer. We learn from our mistakes and continue our commitment to earn the trust of our users every day.”