by Simon Baxendale
Uber – the popular taxi-hailing app used by millions worldwide – has had something of a dramatic two years. The firm has been hit by negative press surrounding its vetting of drivers, its choice to apparently increase surge pricing during Trump protests in the US, and its internal workplace culture. As a result, the firm has gone about remodelling itself from top to bottom – including installing a new CEO and running a thorough audit of its working processes. Recently, the brand celebrated a decision on its legal place in the City of London being overturned on a temporary lease – but this week, news of a hefty fine hitting Uber has brought the name back under a stormcloud of sorts.
The UK’s Information Commissioner’s Office has this week announced that Uber has been fined over $491,000 in light of a data breach that occurred back in 2016. Two years ago, The Guardian reports, Uber was compromised by hackers who were able to access the company’s cloud data, which resulted in the private information of up to 35 million app users being accessed. Drivers, too, were affected – around 3.7 million freelance staff with Uber found themselves at the mercy of the hacking. However, the main concerns surrounding Uber and this breach largely revolve around the fact that the hack appeared to have been kept from those affected.
The ICO confirmed that the fine applied to Uber comes as a result of the firm failing to maintain adequate information security standards and choosing to comply with hacker demands to pay a bounty of $100,000 as opposed to coming clean on what occurred. The bounty was requested in a similar fashion to ‘bug bounty’ operations, where firms offer monetary rewards to experts who are able to find exploits in code and defense systems.
However, the ICO believes the ‘bug bounty’ system was improperly utilized in these circumstances. “Uber US did not follow the normal operation of its bug bounty programme. In this incident, Uber US paid outside attackers who were fundamentally different from legitimate bug bounty recipients: instead of merely identifying a vulnerability and disclosing it responsibly, they maliciously exploited the vulnerability and intentionally acquired personal information relating to Uber users,” the Office confirmed.
Uber US has already been fined $148 million for failing to notify its drivers about the hack – so is this a lesson that will be learned?