Updated ICO statement on Uber data breach
UPDATE: Wednesday 22 November 2017, 5.35pm
James Dipple-Johnstone said:
“We can confirm that UK citizens have been affected by the data breach involving Uber last October.
“As UK citizens would expect, the ICO is in direct contact with the company to establish the numbers and what kind of personal data may have been compromised.
“We are working with the NCSC plus other relevant authorities in the UK and overseas to determine the scale of the breach, and what steps need to be taken by the firm to ensure it fully complies with its data protection obligations.
“It’s always the company’s responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers.
“Deliberately concealing breaches from regulators and citizens could attract higher fines for companies.”
Wednesday 22 November 2017, 10am
James Dipple-Johnstone, ICO Deputy Commissioner said:
“Uber’s announcement about a concealed data breach last October raises huge concerns around its data protection policies and ethics.
“It’s always the company’s responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers. If UK citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed.
“We’ll be working with the NCSC plus other relevant authorities in the UK and overseas to determine the scale of the breach, how it has affected people in the UK and what steps need to be taken by the firm to ensure it fully complies with its data protection obligations.
“Deliberately concealing breaches from regulators and citizens could attract higher fines for companies.”