The Dutch Data Protection Authority (Dutch DPA) just announced it’s imposing a €600,000 fine on Uber and its Dutch subsidiary Uber B.V. for violating Dutch data breach regulation in 2016. Simultaneously, the UK’s Information Commissioner’s Office (ICO) declared Uber will be fined £385,000 (around €433,000) for the same data breach back in 2016.
For over a year, Uber concealed the 2016 breach, in which hackers gained access to personal data of 57 million people worldwide, such as names, email addresses, and telephone numbers. The company thereby failed to comply with laws stating it must report data breaches to the authorities and the data subjects within 72 hours after the discovery of the breach.
The company paid the hackers $100,000 to delete the data and keep the breach quiet. The ICO said Uber had shown “complete disregard” for users and said the breach was caused by “avoidable data security flaws,” according to Sky News.