Uber announceds European operation has been fined for 3 years.
In November 2016, attackers received credentials to access Ubers cloud servers and downloaded 16 large files, including 35 million users worldwide. The records include passengers.
Drivers were also affected, with 3.7 million, including 82,000 from the UK, having their weekly share, trip summaries and, in a small number of cases, driver's license numbers accessed.
The ICO said the breach was banned by $ 100,000 as a caused bug bounty decision. Such bounties are common in the security world, with companies offering rewards.
However, the ICO wrote, I Uber US. In this incident, Uber US paid outside attackers were a pioneer in identifying malicious malicious males.
It is notified that the personal data has been discarded. Rather, the company has been used for 12 months after the attack.
However, the potential penalty was mitigated by the fact that Uber ,s European misunderstanding
Uber US was ordered in September to $ 148m for failing to notify drivers about the breach.
Uber Europe has been contacted for comment.
The timing of the breach of the old-age data protection act by 1998, in which the maximum financial penalty of £ 500,000. Under the DPA 2018, which brings the EU's general data protection regulation into British law.