ICO: Uber data breach raises huge concerns

The ICO and NCSC will investigate the impact on UK customers

The ICO said the way in which Uber dealt with a major data breach has raised "huge concerns" over the company's data protection policies and ethics.

The UK's data regulation body said concealing a data breach should come with a much larger fine than the standard penalities imposed on organisations that fail to sufficiently protect their customers' data. Uber is alleged to have paid the hackers $100,000 not to mention it had hacked the taxi booking app's systems, according to Bloomberg.

"It's always the company's responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers," ICO deputy commissioner James Dipple-Johnstone said in a statement.

"If UK citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The ICO said it would investigate into the breach, including ascertaining how many UK citizens have been affected and to what extent. Uber revealed that information such as names, email addresses and mobile phone numbers had been accessed, but there's currently no evidence that social security numbers, payment details and trip data was stolen.

"We'll be working with the National Cyber Security Centre (NCSC) plus other relevant authorities in the UK and overseas to determine the scale of the breach, how it has affected people in the UK and what steps need to be taken by the firm to ensure it fully complies with its data protection obligations," Dipple-Johnstone added. 

The NCSC has also spoken out against Uber's actions, saying that any company that finds it has been subject of a cyber attack shoud report it immediately for the safety of citizens.

"The more information a company shares in a timely manner, the better able we are to support them and prevent others falling victim," it said.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/strategy/27302/driverless-cars-news/page/0/4
Business strategy

Uber car involved in fatal crash had software flaws

6 Nov 2019
Visit/strategy/27302/driverless-cars-news
Business strategy

Uber car involved in fatal crash had software flaws

6 Nov 2019
Visit/strategy/27302/driverless-cars-news/page/0/3
Business strategy

Uber car involved in fatal crash had software flaws

6 Nov 2019
Visit/strategy/27302/driverless-cars-news/page/0/1
Business strategy

Uber car involved in fatal crash had software flaws

6 Nov 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020