Uber fined by British, Dutch regulators for 2016 data hack

British and Dutch regulators on Tuesday slapped Uber with more than $1 million in fines for failing to adequately protect its customers’ information during a 2016 data breach that affected 57 million Uber users worldwide, Reuters reported.

Britain’s Information Commissioner’s Office (ICO) fined Uber $490,760 while the Dutch Data Protection Authority fined the ride-hailing service $678,780. The names, email addresses and phone numbers of millions of Uber users were exposed during the breach, according to Reuters. 

The breach affected the majority of Uber riders in the U.K. and 174,000 people in the Netherlands.

{mosads}”This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen,” ICO Director of Investigations Steve Eckersley said in a statement. 

“At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable.”

Uber told The Hill it has worked to improve its security mechanisms since the hack two years ago and noted changes in leadership to help with “proper transparency.”

“We’re pleased to close this chapter on the data incident from 2016,” Uber said in a statement. “As we shared with European authorities during their investigations, we’ve made a number of technical improvements to the security of our systems both in the immediate wake of the incident as well as in the years since. We’ve also made significant changes in leadership to ensure proper transparency with regulators and customers moving forward. Earlier this year we hired our first chief privacy officer, data protection officer, and a new chief trust and security officer. We learn from our mistakes and continue our commitment to earn the trust of our users every day.”

Uber last November said that it paid the hackers $100,000 to destroy the stolen information instead of notifying regulators or the customers affected, Financial Times reported.

The company in September agreed to pay a $148 million nationwide settlement resolving allegations that the ride-hailing company failed to properly report the massive data breach.