Categories: Mobile AppsMobility

Uber Admits 2.7m UK Users Had Data Stolen In Hack

Uber has confirmed that 2.7 million UK customers had their personal details stolen in a 2016 cyber attack.

The company made the admission to the information Commissioner’s Office (ICO) which is investigating the incident, which affected 58 million users and drivers and was kept secret until last week.

New CEO Dara Khosrowshahi explaining he only became aware of the breach recently. Khosrowshahi only joined the company earlier this year and said the company was working with the authorities.

Read More: What on Earth was Uber thinking?

Uber hack

No financial details or journey records were taken by the attackers, who were paid $100,000 to delete the files, but some personal information was stolen and there are no guarantees the data was indeed destroyed.

The ICO said names, mobile phone numbers and email addresses were taken, details which could expose victims to social engineering attempts.

“On its own this information is unlikely to pose a direct threat to citizens,” said James Dipple-Johnstone, Deputy Commissioner at the ICO. “However, its use may make other scams, such as bogus emails or calls appear more credible. People should continue to be vigilant and follow the advice from the NCSC.

“As part of our investigation we are still waiting for technical reports which should give full confirmation of the figures and the type of personal data that has been compromised. We would expect Uber to alert all those affected in the UK as soon as possible.

“We are continuing to work with the NCSC plus other relevant authorities in the UK and overseas to ensure the data protection interests of UK citizens are upheld.”

Had the incident taken place after the introduction of the EU’s General Data Protection Regulations (GDPR) next May, the penalties could have been more severe.

The GDPR is to replace the Data Protection Act (DPA) 1998, and the government has confirmed the referendum to leave the EU will not affect the regulations’ implementation in the UK.

The new rules will, amongst other things, vastly increase the power of European data protection authorities to impose fines, with organisations facing penalties of up to 20 million euros, or 4 percent of their annual worldwide turnover, whichever is greater.

By contrast, the ICO can currently impose fines of up to only £500,000.

Quiz: What do you know about Uber?

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago