Uber Faces Fine From France For 2016 Data Breach

The French Data Protection Authority said Thursday (Dec. 20) that it fined Uber $460,000 over its 2016 data breach that exposed the data on 57 million customers and drivers across the world. Uber paid hackers to hide the breach for about a year before it was disclosed.

According to a report in Moneycontrol.com, the French Data Protection Authority said the data breach could have been prevented by implementing “certain elementary security measures.”

The French government joins a growing list of countries fining Uber over that data breach. Late last month Reuters reported the Information Commissioner’s Office (ICO) in the U.K., fined the ride-hailing company  $490,760. Meanwhile, the Dutch Data Protection Authority (DPA) fined Uber $678,780. “This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen,” ICO Director of Investigations Steve Eckersley said in a statement announcing the fine. “At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable.” Meanwhile, the Dutch Data Protection Authority said the breach affected 174,000 people in the Netherlands, and that it would fine Uber for failing to report the breach within 72 hours of discovering it. Earlier this year Uber settled with the state of California, agreeing to pay $148 million over the 2016 breach.

With the data breach a hit to Uber’s reputation, the ride-hailing startup — with an eye toward an initial public offering in the new year — has taken steps to beef up its security. Uber told Reuters in November that it has overhauled its data practice since 2016 and has appointed a chief privacy officer and data protection officer this year. Users, regulators and industry watchers were particularly upset that Uber chose to cover up the data breach for about a year.