The ICO said the way in which Uber dealt with a major data breach has raised "huge concerns" over the company's data protection policies and ethics.
The UK's data regulation body said concealing a data breach should come with a much larger fine than the standard penalities imposed on organisations that fail to sufficiently protect their customers' data. Uber is alleged to have paid the hackers $100,000 not to mention it had hacked the taxi booking app's systems, according to Bloomberg.
"It's always the company's responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers," ICO deputy commissioner James Dipple-Johnstone said in a statement.
"If UK citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed."
The ICO said it would investigate into the breach, including ascertaining how many UK citizens have been affected and to what extent. Uber revealed that information such as names, email addresses and mobile phone numbers had been accessed, but there's currently no evidence that social security numbers, payment details and trip data was stolen.
"We'll be working with the National Cyber Security Centre (NCSC) plus other relevant authorities in the UK and overseas to determine the scale of the breach, how it has affected people in the UK and what steps need to be taken by the firm to ensure it fully complies with its data protection obligations," Dipple-Johnstone added.
The NCSC has also spoken out against Uber's actions, saying that any company that finds it has been subject of a cyber attack shoud report it immediately for the safety of citizens.
"The more information a company shares in a timely manner, the better able we are to support them and prevent others falling victim," it said.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Uber hit with €290m fine for storing European driver data in the USNews The fine marks the latest imposed on Uber by the Dutch data protection authority
-
Uber says compromised third-party to blame for data breachNews Vulnerable third-party vendor Teqtivity sparks second major incident for Uber in the space of three months
-
Uber launches infosec hiring spree after attributing breach to LAPSUS$News The company also hinted at the belief that LAPSUS$ was also behind the attack on Rockstar Games over the weekend in a revealing update detailing the inner workings of the attack
-
Uber hacked via basic smishing attackNews The self-taught hacker impersonated an IT worker to gain an Uber employee's password, obtaining broad access to internal systems and posting taunting messages
-
Former Uber security chief to face fraud charges over hack coverup
News This is thought to be the first instance of a corporate information security officer criminally charged with concealing a hack
-
Former Uber CSO charged for data breach cover-upNews Joseph Sullivan allegedly paid $100,000 to conceal the ride-hailing firm's 2016 data breach
-
Uber CISO: There was no justification for hiding data breachNews Senators slam taxi firm for cover-up of hack affecting 57 million people
-
Uber paid $100,000 for hackers' silence over huge data breachNews Hackers stole 57 million drivers' and users' details, but Uber didn't say a word
