[ad_1]
The Dutch Data Protection Authority (Dutch Data Protection Authority) imposes a fine of € 600,000 on Uber Technologies. At the same time, his Information Commissioner's Office (ICO) is punishing Uber with a fine of £ 385,000 (nearly € 434,000).
These two European fines are in relation to the 2016 data leak (piracy) which had been concealed for over a year by the former group management.
In this case, Uber has acknowledged the compromised data of 57 million users worldwide (names, email addresses and mobile numbers) and driver's license numbers.
Under the leadership of former boss Travis Kalanick, Uber tried to stifle the data leak by paying a $ 100,000 ransom to buy the silence of the attackers, and with the promise of the destruction of stolen data.
" This was not only a serious breach of data security by Uber, but also a total disregard for customers and drivers whose personal data were stolen. At the time, no action had been taken to inform the individuals concerned or to offer them help and support says Steve Eckersley, Director of Investigations at ICO.
Sanctions are issued under legislation prior to the General Data Protection Regulation (GDPR) in Europe which entered into force on 25 May 2018.
In the United States, Uber announced in September a mutual agreement of $ 148 million with 50 states to settle the case and avoid a lawsuit.
Regarding the security incident, it was the work of attackers who obtained access to a private code repository on GitHub used by Uber software engineers. They then obtained identifiers to access information stored on an Amazon Web Services account and discovered personal data.
Source link
