Threat Watch

Uber Fined Over 2016 Data Breach

Britain’s Information Commissioner’s Office (ICO) and the Dutch Data Protection Authority (Dutch DPA) have both officially fined Uber, for a total of $1,170,892 USD, for failing to keep the personal information of their citizens safe. Uber waited an entire year to disclose the breach, which exposed the names, email addresses, and phone numbers of 57 million customers as well as the license numbers of 600,000 drivers. When the breach was first discovered, Uber paid the unknown hackers a $100,000 ransom to keep the incident a secret. The organization guaranteed its clients that other individual elements, such as trip area history, charge card numbers, bank balance numbers, Social Security numbers, or dates of birth, were not compromised in the breach. Uber was lucky that the breach happened before the EU’s GDPR was put into place, or it could have been facing a fine of 17 million pounds ($21,661,026), or even 4 percent of its annual global revenue.


If a user discovers they might be part of a breach while using an app, they must identify what information is included and what was accessed. They should look for unfamiliar activity, such as their address or phone number being altered. It is advised to change user access credentials. If the same password is used for other financially connected apps, those passwords should be changed as well. Frequently check financial statements for unauthorized transactions. Be on the lookout for scams, whether by phone or email. Users should notify their bank or credit bureau that the breach has occurred. For an added sense of security, users can cancel their active cards and get new ones. It is also recommended to enroll in credit monitoring services that can alert users to unauthorized activity; these are sometimes offered free of charge by the guilty party.