French data protection watchdog fines Uber $460,000 for data breach

Friday, May 17, 2019

One by one, European countries are slapping Uber with a penalty for the way it handled its 2016 data breach. Today, France’s data protection watchdog, the CNIL, announced it was fining Uber $460,000 (€400,000).

The case combined poor security, a poor response and fortunate timing. Back in 2016, Uber faced a data breach that affected 57 million users, including 1.4 million users in France.

According to the CNIL’s report, hackers managed to connect to Uber’s GitHub repositories using an employee’s login and password. They then managed to connect to Uber’s Amazon Web Services account and download user data.

How? Very simple. AWS login information was stored in plain text on GitHub.

The CNIL said that it could have been avoided if:

  • Uber had made two-factor authentication mandatory for the private GitHub repositories.
  • Uber had not stored AWS login information in plain text on GitHub.
  • Uber had used an IP whitelist to connect to AWS.
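
A pre-commit style check for the second item in that list, as an added example that is not part of the article, the CNIL’s report or Uber’s code. It assumes the "login information" took the form of AWS access keys in the standard key-ID and secret format; the file names and key values are constructed.

```python
import re

# Access key IDs: "AKIA" (long-term) or "ASIA" (temporary) plus 16 characters.
KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# A 40-character secret assigned literally to an aws_secret_access_key name.
SECRET = re.compile(
    r"aws_?secret_?access_?key\s*[:=]\s*[\"']?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])",
    re.IGNORECASE,
)
RULES = (("access-key-id", KEY_ID, 0), ("secret-access-key", SECRET, 1))


def redact(value):
    """Keep the first four characters so the report does not leak the key."""
    return value[:4] + "*" * (len(value) - 4)


def scan(files):
    """files maps path -> text; returns (path, line_no, kind, redacted_value)."""
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            for kind, pattern, group in RULES:
                for match in pattern.finditer(line):
                    findings.append((path, line_no, kind, redact(match.group(group))))
    return findings


# Constructed sample values, built so they match the format but are not real keys.
FAKE_ID = "AKIA" + "Q7" * 8
FAKE_SECRET = "abCD12/+" * 5
SAMPLE_REPO = {
    # Hard-coded credentials: both lines should be flagged.
    "deploy/settings.py": f'AWS_ACCESS_KEY_ID = "{FAKE_ID}"\n'
                          f'AWS_SECRET_ACCESS_KEY = "{FAKE_SECRET}"\n',
    # Reading the secret from the environment is fine and must not be flagged.
    "app/storage.py": 'import os\nkey = os.environ["AWS_SECRET_ACCESS_KEY"]\n',
}

if __name__ == "__main__":
    for finding in scan(SAMPLE_REPO):
        print(*finding)
```

A hit in a repository that has already been pushed means the key should be rotated, not only removed from the file.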

Uber first tried to cover up the breach by paying the hackers $100,000 to delete the data set. It eventually disclosed the breach last year.

The only good news for Uber is that the breach happened slightly too early for the European Union’s GDPR. Right now, if a company doesn’t report a breach to relevant authorities within 72 hours, it can end up paying a fine of up to 4 percent of the company’s global annual turnover.

British and Dutch authorities previously fined Uber $490,000 and $690,000 respectively (£385,000 and €600,000). Overall, it represents $1.6 million in fines.
