THE NETHERLANDS–The Dutch Personal Data Authority fined Uber 600 thousand euros for not reporting a major data leak in 2016 in time. The leak meant that unauthorized persons had access to millions of Uber customers’ and drivers’ personal data, the Authority said on Tuesday, NU.nl reports.
Uber had 72 hours from discovery to report the leak. The ride-hailing service became aware of the leak on November 14th, 2016. Uber tried to hide the leak and even paid the responsible hackers $100,000, around 88 thousand euros, to conceal it. The leak was finally reported to the Dutch Personal Data Authority a year later, on November 21st, 2017.
In this data breach hackers gained access to the names, email addresses and mobile phone numbers of 57 million people – 50 million customers and 7 million drivers. Some 174 Dutch customers and drivers were affected.
This is the first time the Dutch Authority imposes a fine, according to the newspaper. The Dutch Authority investigated the leak incooperation with other European regulators, including from Belgium, Germany, France, Italy, Spain and the United Kingdom. In addition to the Dutch fine, Uber also faces a fine of 385 thousand pounds, around 434 thousand euros, from the United Kingdom.