Uber has today estimated that the data breach which occured in October 2016 has affected approximately 2.7 million user accounts in the UK that were using its service or working for the company in the UK at that time.
Uber have stated that this information included names, email addresses and mobile phone numbers related to accounts globally. Uber have stated they have not seen any indication that trip location history, credit card numbers, bank account numbers or dates of birth were downloaded. Based on current information, Uber have stated that they have not seen evidence that financial details have been compromised.
The Information Commissioner’s Office (ICO) have directed Uber to provide them with technical reports that should help UK authorities, in particular the ICO and National Cyber Security Centre (NCSC), to verify these figures and whether any additional types of personal data have been compromised. The Government expects Uber to cooperate fully and promptly with the ICO and the NCSC.
The ICO and NCSC will continue to work tirelessly with Uber to ensure this information is correct. The Government expects Uber to respond fully to the incident with the urgency it demands and to provide the appropriate support to its customers and drivers in the UK. Uber users should continue to be vigilant and follow the advice from the NCSC, which can be found on their website.
The Government takes both the protection of personal data and the right to privacy extremely seriously. It is always the company's responsibility to identify when UK citizens have been affected as part of a data breach and to take steps to reduce any harm to consumers, and it is welcome Uber has done this.
The Government is strengthening the UK’s data protection regime through a new Data Protection Bill, which will give more powers to the ICO to defend consumer interests and issue higher fines of up to £18 million or four per cent of global turnover, in cases of the most serious data breaches.
The ICO, NCSC and other relevant authorities in the UK and overseas will continue to work together to ensure the data protection interests of UK citizens are upheld.