ICO: Uber data breach raises huge concerns

The ICO and NCSC will investigate the impact on UK customers

The ICO said the way in which Uber dealt with a major data breach has raised "huge concerns" over the company's data protection policies and ethics.

The UK's data regulation body said concealing a data breach should come with a much larger fine than the standard penalities imposed on organisations that fail to sufficiently protect their customers' data. Uber is alleged to have paid the hackers $100,000 not to mention it had hacked the taxi booking app's systems, according to Bloomberg.

"It's always the company's responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers," ICO deputy commissioner James Dipple-Johnstone said in a statement.

"If UK citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed."

The ICO said it would investigate into the breach, including ascertaining how many UK citizens have been affected and to what extent. Uber revealed that information such as names, email addresses and mobile phone numbers had been accessed, but there's currently no evidence that social security numbers, payment details and trip data was stolen.

"We'll be working with the National Cyber Security Centre (NCSC) plus other relevant authorities in the UK and overseas to determine the scale of the breach, how it has affected people in the UK and what steps need to be taken by the firm to ensure it fully complies with its data protection obligations," Dipple-Johnstone added. 

The NCSC has also spoken out against Uber's actions, saying that any company that finds it has been subject of a cyber attack shoud report it immediately for the safety of citizens.

"The more information a company shares in a timely manner, the better able we are to support them and prevent others falling victim," it said.

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

Uber wins license to operate in London after ‘plugging IT gaps’
Policy & legislation

Uber wins license to operate in London after ‘plugging IT gaps’

28 Sep 2020
Uber claims it makes London "safer" in TfL licence battle
Policy & legislation

Uber claims it makes London "safer" in TfL licence battle

16 Sep 2020
Former Uber CSO charged for data breach cover-up
hacking

Former Uber CSO charged for data breach cover-up

21 Aug 2020
Court orders Uber and Lyft to consider drivers as employees
IT regulation

Court orders Uber and Lyft to consider drivers as employees

11 Aug 2020

Most Popular

Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020
What is Neuralink?
Technology

What is Neuralink?

24 Oct 2020
Hackers demand ransom from therapy patients after clinic data breach
Security

Hackers demand ransom from therapy patients after clinic data breach

27 Oct 2020