British and Dutch regulators have fined ride-hailing company Uber $1.2 million for what it said were inadequate security measures that left personal data at risk for a cyber attack.
The fines are linked to a 2016 hack of Uber data that allowed attackers to download information about 32 million users, including 2.7 million accounts in Britain.
The files included full names, mobile phone numbers, email addresses and some user passwords. Information about 3.7 million drivers, 82,000 of them in Britain, was also downloaded.
Britain’s Information Commissioner’s Office said the hack was the result of “a series of avoidable data security flaws.”
“This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen,” ICO Director of Investigations Steve Eckersley said. “At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable.”
Uber said in a statement it is “pleased to close this chapter on the data incident from 2016.”
“As we shared with European authorities during their investigations, we’ve made a number of technical improvements to the security of our systems both in the immediate wake of the incident as well as in the years since,” the company said.