The Uber Hack: How not to respond to a data security breach

24 November 2017 02:41 PM | #Business Resources

News has just broken that Uber concealed a major data security breach in which names, email addresses, and phone numbers associated with around 50 million customers were leaked, along with similar personal information of 7 million drivers.  Given the scale, it seems likely that the personal data of UK and EU citizens has been accessed by the hackers – how the authorities react will be worth watching for all data-oriented companies going forward.

Uber may consider itself lucky that this breach took place well before the May 2018 implementation of the incoming General Data Protection Regulation (GDPR), which would have allowed for fines of up to 4% of global turnover: an eye-watering ceiling of some $260 million USD based on Uber’s reported revenue of $6.5 billion in 2016. With so many eyes on this, it is a useful case study for comparing the current and future regimes in the UK. For businesses that experience a data security breach pre-GDPR:

From May 2018, the GDPR comes in and things change substantially: