CRAPSICAB COMPANY Uber has been hit with a £385,000 fine for failing to protect Brit's personal data during a 2016 cyberattack.
The fine comes courtesy of the Information Commissioner's Office (ICO) which on Tuesday said that a "series of aviodable security flaws" allowed attackers to access the usernames, email addresses and phone numbers of around 2.7 million UK customers.
The records of almost 82,000 drivers based in the UK - which included details of journeys made and how much they were paid - were also taken.
The ICO's probe found that "credential stuffing", a process by which compromised username and password pairs are injected into websites until they are matched to an existing account, was used to gain access to Uber's data storage.
The data watchdog also slammed Uber for failing to tell affected customers and drivers about the breach until more than a year later; the firm instead paid a hacker $100,000 to destroy all the data nicked in the data breach.
ICO Director of Investigations Steve Eckersley said: "This was not only a serious failure of data security on Uber's part, but a complete disregard for the customers and drivers whose personal information was stolen. At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable."
The ICO concluded that the Uber's actions were in "serious breach" of of principle seven of the Data Protection Act 1998, as had the potential to expose the customers and drivers affected to increased risk of fraud.
"Paying the attackers and then keeping quiet about it afterwards was not, in our view, an appropriate response to the cyber attack," Eckersley added
"Although there was no legal duty to report data breaches under the old legislation, Uber's poor data protection practices and subsequent decisions and conduct were likely to have compounded the distress of those affected."
In response to the ICO's fine, Uber said in a statement: "We're pleased to close this chapter on the data incident from 2016.
"As we shared with European authorities during their investigations, we've made a number of technical improvements to the security of our systems both in the immediate wake of the incident as well as in the years since.
"We've also made significant changes in leadership to ensure proper transparency with regulators and customers moving forward. Earlier this year we hired our first chief privacy officer, data protection officer, and a new chief trust and security officer. We learn from our mistakes and continue our commitment to earn the trust of our users every day." µ
So that's why she's smiling…
How many Zuckbucks to the pound?
Alexa, is this exploitation?