Uber"s regulatory woes in the European Union never seems to stop after a huge data breach that occurred two years ago. Late last month, the ride-hailing service was fined more than £900,000 (~$1.149 million) in combined fines in the UK and The Netherlands for that incident. Today, Uber has been slapped with a related penalty in France.
The country"s data protection regulator announced that it has fined Uber €400,000 (~$459,193) for the security incident that affected 57 million users worldwide. It"s worth pointing out that the company is being fined not because of the attack per se, but for its failure to protect the personal data of both its customers and drivers from the incidents that occurred from October to November 2016. According to the French Data Protection Authority, the breach would have been prevented had Uber implemented the proper security measures.
Additionally, the ride-hailing service was accused of covering up the breach for a year before making it known to the public, further compromising the security posture of affected individuals. The attack exposed the names, email addresses, and phone numbers of users to attackers after Uber"s cloud-based database operated by its parent company in the U.S. was unlawfully accessed.
Such lapses would have cost Uber 4% of its global turnover under the EU"s General Data Protection Regulation, though that rule doesn"t apply to this particular case since it took effect only in May.
Source: Agence France-Presse