Uber fined after 'serious breach' allows hackers to download 2.7 million customers' data

‘A series of avoidable data security flaws’ allowed attackers to access full names, email addresses and phone numbers

Ben Chapman
Tuesday 27 November 2018 10:19
Uber ordered to treat drivers as workers with employment rights after losing appeal

Uber has been fined £385,000 after “a series of avoidable data security flaws” allowed hackers to download personal information from 2.7 million customers.

The Information Commissioner’s Office (ICO) found Uber was guilty of a “serious breach” of UK data protection law and showed a “complete disregard” for the customers and drivers whose information was stolen.

Full names, email addresses and phone numbers were obtained during the October and November 2016 attack but Uber did not inform customers or drivers for more than a year. Instead it paid the attackers $100,000 (£78,000) to destroy the information they had downloaded.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

View comments