French data protection watchdog fines Uber $460,000 for data breach – TechCrunch


One by one, European countries are slapping Uber with a penalty for the way it handled its 2016 data breach. Today, France’s data protection watchdog, the CNIL, announced it was fining Uber $460,000 (€400,000).

This event was a combination of bad security with bad reaction and good timing. Back in 2016, Uber faced a data breach that affected 57 million users, including 1.4 million users in France.

According to the CNIL’s report, hackers managed to connect to Uber’s GitHub repositories using some employee’s login and password. They then managed to connect to Uber’s Amazon Web Services account and download user data.

How? Very simple. AWS login information was stored in plain text on GitHub.

The CNIL said that it could have been avoided if:

  • Uber had made two-factor authentication mandatory for the private GitHub repositories.
  • Uber didn’t store AWS login information in plain text on GitHub.
  • Uber used an IP whitelist to connect to AWS.

Uber first tried to cover up the breach by paying hackers $100,000 to make them delete the data set. It eventually disclosed the breach last year.

The only good news for Uber is that the breach happened slightly too early for European Union’s GDPR. Right now, if a company doesn’t report a breach to relevant authorities within 72 hours, they can end up paying a fine of up to 4 percent of the company’s global annual turnover.

British and Dutch authorities previously fined Uber $490,000 and $690,000 respectively (£385,000 and €600,000). Overall, it represents $1.6 million in fines.

Source link

Products You May Like

Articles You May Like

Digital Garage teams up with Blockstream to develop blockchain financial services in Japan – TechCrunch
FanDuel co-founder Tom Griffiths just closed a seed round for his decidedly noncontroversial new startup, Hone – TechCrunch
This $350,000 Swiss watch looks like an Apple Watch, chimes to tell the time – TechCrunch
Dreaming of Mars, the startup Relativity Space gets its first launch site on Earth – TechCrunch
The case against behavioral advertising is stacking up – TechCrunch

Leave a Reply

Your email address will not be published. Required fields are marked *