Uber was fined a mingled $1.17 million by British and Dutch authorities Tuesday for a 2016 matter breach that exposed the personal details of millions of customers.
The U.K.’s Advice Commissioner’s Office (ICO) announced a £385,000 fine ($491,284) against the ride-sharing proprietorship for “failing to protect customers’ personal information during a cyber undertake” in October and November of 2016. The Dutch Data Protection Authority inflicted its own €600,000 ($679,257) penalty for the same incident.
The 2016 cyberattack allowed hackers to access the unfriendly details, including full names, email addresses and phone editions, of 2.7 million Uber customers in the U.K. and 174,000 in the Netherlands, authorities said.
After take cover the incident for more than a year, Uber admitted last November that hackers tippet data from 57 million users and drivers worldwide. The presence also paid hackers $100,000 to delete the data and conceal the break.
“This was not only a serious failure of data security on Uber’s division, but a complete disregard for the customers and drivers whose personal information was peculated,” ICO Director of Investigations Steve Eckersley said. “At the time, no steps were entranced to inform anyone affected by the breach, or to offer help and support. That left-wing them vulnerable.”
The U.K.’s ICO said the cyberattack represented a “serious breach” of the motherland’s Data Protection Act of 1998 by exposing customers and drivers to increased risk of cheating. The Dutch regulator said it was fining Uber because it did not report the infraction within the country’s mandated 72-hour window.
Because the cyberattack developed in 2016, it was not subject to the European Union’s General Data Protection Customary (GDPR) legislation that went into effect in May. The new rules could escalating penalties for companies like Uber, with fines of up to 4 percent of far-reaching annual revenues or €20 million, whichever is bigger.
In September, Uber agreed to pay $148 million to into order claims related to the 2016 data breach to states across the U.S. and Washington, D.C.
In a allegation Tuesday, an Uber spokesperson said the company is “pleased to close this chapter on the text incident from 2016.”
“We’ve made a number of technical improvements to the security of our schemes both in the immediate wake of the incident as well as in the years since. We’ve also play-acted significant changes in leadership to ensure proper transparency with regulators and fellows moving forward,” the statement said.