Data Breach: Uber Covers Up Huge Personal Data Leak

By Sam Thomas | 22nd November 2017 | 15 min read

On Tuesday it was revealed that Uber had failed to notify 57 million customers and drivers affected by a personal data breach that took place back in October 2016.

The UK’s governing body for the introduction of the GDPR (the ICO) is investigating the huge leak of personal data of over 57 million customers and drivers including names, email addresses and driver’s licence numbers. Uber then reportedly also paid hackers $100,000 to delete the leaked data and to keep the breach under wraps. 

What has the Information Commissioner’s Office (ICO) said?

On Wednesday, the ICO said that Uber’s actions “raise huge concerns about its data protection policies and ethics”. It's always the company's responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers. If UK citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed,” said James Dipple-Johnstone, deputy commissioner of ICO.

What has Uber said?

Uber said in a statement released on behalf of Chief Executive Dara Khosrowshahi, “none of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes”.

It’s also been reported that Uber has now offered free credit monitoring and identity theft protection to drivers affected by the breach. 

What’s next for Uber?

A statement released by the ICO says the body will be working with the National Cyber Security Centre plus other relevant authorities in the UK and overseas to determine the scale of the breach, how it has affected people in the UK and what steps need to be taken by the firm to ensure it fully complies with its data protection obligations.

According to the ICO, “Deliberately concealing breaches from regulators and citizens could attract higher fines for companies. Under the GDPR that comes into force in the EU in May 2018, companies will have to identify and notify regulators of data breaches within 72 hours or face significantly increased penalties of up to €20million or 4% annual turnover.”

How to prepare for the GDPR

With less than six months to go until the implementation of the GDPR, it’s important to start the preparations now, not only for good practice but to avoid the huge fines that companies will face in the future for non-compliance.

Don't worry, IRIS have put together an 11-page guide which is free to any business that is looking for some extra helpful information whilst preparing the GDPR.

What you'll learn

  • The key facts
  • The changes to the current Data Protection laws
  • If Brexit will affect GDPR
  • 9 ways your business can prepare for the GDPR
  • How IRIS have been preparing
  • The IRIS promise to you
To ensure you are up to speed with the GDPR and doing everything you can do to prepare, download your free guide today by clicking the button below.

We've also developed a handy checklist on the nine keys steps your business should take to prepare for the introduction of the GDPR.

To give your business the best chance of complying by 25th May 2018 implementation date why not print off the 9 steps to prepare for the GDPR checklist and tick off each step as you go!

Download your free GDPR checklist now!