- Uber was fined a collective $1.17 million by the United Kingdom's Information Commissioner's Office (ICO) and the Dutch Data Protection Authority (Dutch DPA) Tuesday for failing to protect consumers during the ride-sharing company's 2016 data breach.
- The ICO fined Uber 385,000 pounds, the equivalent of about $491,491, after a "series of unavoidable data security flaws" compromised the personal data of about 2.7 million U.K. customers and 82,000 drivers, according to the announcement.
- The Dutch DPA imposed a fine of 600,000 euros, or about $679,690, because Uber "violated the Dutch data breach regulation" by not reporting the breach to the Dutch DPA and impacted individuals within 72 hours of discovery, according to the announcement.
But Uber tried to cover up the breach, which compromised 57 million accounts worldwide.
Corporate negligence, intentional or not, is no longer tolerated by watchdogs waiting to hand down fines to companies that abuse consumer data. Uber was able to escape fines that would have been imposed by GDPR had the regulation been implemented sooner.
The ICO's investigation into the breach confirmed credential stuffing, a process bad actors use to inject password and username combinations into websites until a match is uncovered. The hardline approach the ICO and the Dutch DPA have taken proves that regulators are more serious than ever when it comes to data transparency.
The tech industry is known for its lack of regulation, and without a set federal privacy law in the U.S., tech companies don't always feel the pain after a breach, unless it hits their bank accounts.
In August, Uber hired a replacement for its chief security officer and indicated the company was facing all the negative press and expected regulations head-on.
The company has to work to regain the trust of its customers, but similar to Facebook, even in the wake of a data breach, most users remain loyal.