Uber has been fined $1.7M by data protection regulators in the UK and Netherlands. The close to $2 million judgement comes two years after the 2016 data breach and subsequent cover-up that affected 57 million people worldwide.
The judgment might seem small when compared to Uber’s revenue and the massive number of people affected- but that’s due in part to the fact that the data breach occurred when antiquated, weaker privacy laws were in place. Now, under the new General Data Protection Regulation (GDPR), Fortune reports that current violators could be fined up to 4% of the company’s global annual revenue.
Uber user’s names, email addresses, phone numbers and journey routes were stolen by a hacker whom Uber later paid $100,000 to keep quiet and destroy the information.
“This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen. At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable,” Steve Eckersley, the director of investigations at the U.K. Information Commissioner’s Office, told Fortune.
In September, Uber reached an agreement with all 50 U.S. states and DC to pay out $148M in fines and was ordered to tighten security.
Thanks for reading InsideHook. Sign up for our daily newsletter and be in the know.