UK and Holland fined Uber for $ 1.2 million for leaking personal data

    The authorities of Great Britain and Holland fined the European Uber for $ 1.2 million for the leak of personal data of 7 million drivers and 57 million passengers, which occurred in 2016. Including information was stolen about 2.7 million passengers and 82 thousand drivers from the UK and 174 thousand citizens of the Netherlands. For comparison, in the United States Uber agreed to pay $ 148 million for pre-trial settlement.

    The compromised information contained names, email addresses and telephone numbers, as well as 600 thousand US driver's license numbers.

    Let me remind you that in October 2016, Uber was paid to an attacker, who turned out to be a 20-year-old American, $ 100,000 for deleting data and not advertising the fact of theft of personal data.

    The general public about this incident became known on November 21, 2017, when the new head of Uber Dara Khosrovshahi made a statement. He said that there was no hacking of the company's internal IT system. According to him, the company uses a third-party cloud storage service, on which the stolen information was placed and to which the extortionist got access.

    In this particular case, we are talking about two cloud services at once: GitHub and Amazon Web Services (AWS). GitHub is the largest service for joint development and storage of source codes, where the Uber developers saved the access keys to the company's account in AWS. Since the source repository is open, anyone could get information to access Uber data stored in the Amazon cloud. Having gained access to AWS using a key from GitHub, the attacker downloaded 16 files with personal data from there. About data leak prevention on GitHub, we wrote a separate article on Habré .

    It should be noted that these penalties of the authorities of Great Britain and Holland were imposed even before the General Data Protection Regulation (GDPR) entered into force.

    Regular news about individual cases of data leakage, promptly published on the channel Information Leaks .

    Also popular now: