back to article Uber fined £385k by ICO for THAT hack of 57m customers' deets

The UK’s data watchdog has slapped a £385,000 penalty on app-not-driving-service baddie Uber for security weak spots that attackers exploited to expose the details of millions of customers. Two fiends accessed the data after snatching login credentials for Uber's AWS S3 data stores from the firm's GitHub code repo. The hack, …

  1. jms222

    Peanuts

    So how many pence is that per breach ?

    1. Anonymous Coward
      Anonymous Coward

      Re: Peanuts

      Quite. Unfortunately at this breach took place under the previous DPD regime, the ICO's hands are tied in the penalties they can apply. Going forward under GDPR European Information Commissioners have much bigger sticks with which to beat transgressors.

    2. DJ Smiley

      Re: Peanuts

      My math must be off....

      I worked it out as 0.6p/person

      1. katrinab Silver badge

        Re: Peanuts

        I work out out as 14p per person. You divide the £385,000 by the 2,700,000 UK customers caught up the the breach, not the 57,000,000 customers worldwide.

        1. DJ Smiley

          Re: Peanuts

          That's the 2.7Million they admitted getting pinched. Surely they wouldn't lie about the numbers, would they?!

          1. katrinab Silver badge

            Re: Peanuts

            If they were to massage the figures, in which direction would they massage them? They wouldn't want people to think they only had 15 customers in the UK.

        2. Anonymous Coward
          Anonymous Coward

          Re: Peanuts

          I work out out as 14p per person.

          14p per British user, circa £3.61 per Dutch user.

          You could almost believe that the British government were a bunch of clueless patsies who'd been bought by US big data corporations. It'll be interesting to see how different national regulators apply GDPR rules.

          1. Anonymous Coward
            Anonymous Coward

            Re: Peanuts

            "14p per British user, circa £3.61 per Dutch user. You could almost believe that the British government were a bunch of clueless patsies ..."

            I'm somewhat surprised they didn't get closer to the maximum fine (it's probably due to the reporting not being mandatatory bit), but even if they had have imposed the maximum fine available, it wouldn't have pro-rated anywhere near to the Dutch one - the maximum fine available to the ICO was £500,000, which would have worked out at 18p/user. IIRC, the £500,000 maximum penalty is set by the previous European data protection directive.

  2. Pascal Monett Silver badge

    Couldn't happen to a nicer company

    Anything that makes Uber execs bleed is music to my ears.

    1. Commswonk

      Re: Couldn't happen to a nicer company

      Anything that makes Uber execs bleed is music to my ears.

      Would that that were true, but it isn't. The fine will ultimately be paid by its customers; the taxi passengers. That is the big failing of fines for corporate misconduct - the company pays from its source of income, because that is the only money that it actually has. Even if it has £££ in the bank, that money came from those who bought its services or products.

      Unfortunately.

      1. BebopWeBop
        Joke

        Re: Couldn't happen to a nicer company

        And the shareholders - will no-one remember the shareholders

        1. katrinab Silver badge

          Re: Couldn't happen to a nicer company

          Like the husband of the Chief Magistrate at Westminster Magistrates Court[1] who has given favourable rulings[2][3] in court cases against them?

          [1] https://www.theguardian.com/technology/2018/aug/18/uber-judge-steps-aside

          [2] https://www.theguardian.com/technology/2018/jun/26/uber-case-licence-london

          [3] http://www.localgovernmentlawyer.co.uk/index.php?option=com_content&view=article&id=35993%3Aprosecution-of-uber-driver-dismissed-amid-claims-app-was-plying-for-hire&catid=61&Itemid=29

      2. Oddlegs

        Re: Couldn't happen to a nicer company

        The fine will ultimately be paid by its customers; the taxi passengers

        Not really. Uber can't just increase prices to compensate because they're already being squeezed by competitors. They're already suffering huge losses. If they could increase prices by x% with no loss of custom then they would have done so already. As a result of this fine Uber will actually have to report lower profits (or in their case higher losses)

        1. DJO Silver badge

          Re: Couldn't happen to a nicer company

          I really think fines for corporate malfeasance should be paid out of the board of directors pension fund, if that runs out then from the board personally.

          Otherwise it's just another business expense - and for the board it's bonuses all round, as usual.

          1. katrinab Silver badge
            Unhappy

            Re: Couldn't happen to a nicer company

            If it was paid from the pension fund, that would lead to a pension deficit, which I'm sure the Board would wish to remedy as soon as possible.

      3. phuzz Silver badge

        Re: Couldn't happen to a nicer company

        "The fine will ultimately be paid by its customers; the taxi passengers."

        As far as I know, they're already deliberately under-charging in order to build up their business, so they daren't raise prices until they've killed off all competition (be that other ride-sharing companies, traditional taxis, or public transport).

    2. Voland's right hand Silver badge

      Re: Couldn't happen to a nicer company

      You call this bleed? This more like gently tickling them with a feather. Once.

  3. Version 1.0 Silver badge

    Quite profitable ...

    .... for somebody. Where's the money going? Uber screws up and pays a fine, but what about their customers? They are sorting through more spam in the mailbox and checking their credit card statements for bogus charges for the next 5-10 years ... no help for them.

  4. Anonymous Coward
    Anonymous Coward

    £385k? Do you have change for this £1m note we found down the back of the sofa?

    £385,000 here, £385,000 there. Pretty soon it adds up to real mone.... no, wait- no it doesn't.

    1. Version 1.0 Silver badge

      Re: £385k? Do you have change for this £1m note we found down the back of the sofa?

      Exactly - current estimates value Uber at $120 billion ... $120 billion? That's more than Enron was worth.

      1. A. Coatsworth Silver badge

        Re: £385k? Do you have change for this £1m note we found down the back of the sofa?

        Enron... That's actually a very nice comparison, looking back at how it all ended.

        Will history repeat itself? Stay tuned...

        1. Anonymous Coward
          Pint

          Re: Will history repeat itself? Stay tuned...

          Yes. Now that I saved us all that time, what else can we do? (See icon)

      2. John Brown (no body) Silver badge

        Re: £385k? Do you have change for this £1m note we found down the back of the sofa?

        "Exactly - current estimates value Uber at $120 billion ... $120 billion? "

        I know that the "value" of a company is based on what the analysts and share holder think the future profits will be, but in this case, one wonders if they will ever make a profit. The valuation is obscene and I suspect self-driving taxis are a lot further away than the investor/share holder think. It'd not surprise me in the least that the execs already have an exit strategy for when/if the company goes TITSUP and they all jump out with their golden parachutes while everyone else carries the can.

  5. Anonymous Coward
    Anonymous Coward

    Ads

    I see they are now advertising their.........er.........services on UK telly now. Roll up, roll up to be assaulted and abused in a stranger's car. Stand in line for a roasting. Fist (sorry......FIRST!) come, first served.

  6. N2

    £385K

    Thats cock all,

    I suppose they think Uber is a small biz run from a backroom.

  7. Reality_Ccheque

    325K! Mmmm... nice! How much do the victims get?

  8. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like