Uber hack: EU data protection bods launch taskforce

Justice commissioner slams biz for 'irresponsible' behaviour

By Rebecca Hill


The European Union’s group of data protection watchdogs has launched a taskforce into the Uber data breach that affected 57 million users worldwide.

The Article 29 Working Party discussed the breach, which took place in October 2016 but was only revealed last week, at its November plenary meeting yesterday.

The taskforce will be led by the Dutch Data Protection Authority - Uber’s European HQ being based in Holland.

At the moment, the group said, the taskforce is made up of representatives from the French, Italian, Spanish, Belgian and German agencies, as well as the UK’s Information Commissioner’s Office.

Full details of the taskforce’s plans for the investigation have not yet been made public, but a spokeswoman previously said the aim was to coordinate the approach taken by the European authorities.

It is likely to consider the way Uber dealt with the breach, which saw the firm attempt to cover it up by bunging $100,000 to the hackers, disguised as a bug bounty payment, in exchange for their silence.

The taxi biz’s actions have also been condemned by European justice commissioner Vĕra Jourová.

Speaking at a data protection conference in Brussels today, she said that the breach, and the fact Uber waited more than a year to 'fess up, was an example “of the privacy challenges we face in the digital age”.

Jourová added that the incoming General Data Protection Regulation would “allow us to respond adequately to such irresponsible behaviour”.

Uber has also been called out for other regulatory failings elsewhere, with Transport for London rejecting its application for a new licence, saying it was not “fit and proper” to hold one in the capital.

Meanwhile, The Financial Times reported yesterday that Uber’s latest quarterly results showed adjusted losses had widened to $734m, up 14 per cent on the previous quarter. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Er, we have 670 staff to feed now: UK's ICO fines 100 firms that failed to pay data protection fee

Enforcing GDPR is expensive work, says watchdog

Campaigners call for immigration exemption in UK's Data Protection Act to be scrapped

Judicial review into law launched

Cambridge Analytica seeks data protection assistant

Jobseeker? You may have heard of it...

Reel talk: You know what's safely offline? Tape. Data protection outfit Veeam inks deal with Quantum

Magnetic strips barrier to ransomware, burble box-flingers

US tech circles wagons as India reviews data protection proposals

Ex-Cisco CEO-chaired lobby leading the charge

IT management software crowd Kaseya buys cloudy data protection crew Spanning

Private equity holdings shuffle

Why, hello Rubrik's Trello: Data protection biz leaves productivity tool open to world+dog

Anyone with URL could see lists of case study projects's Brexiteers warned not to push for divergence on data protection laws

As PM lacks specifics on UK’s desired ‘adequacy-plus’ deal

Big tech wants the ICO on EU data protection board in Brexit fallout

Watchdog keeping voting rights 'huge gain' for marketing sector, say Facebook, Google et al

UK regulator moots data protection sandbox for organisations to play in

ICO strategy outlines plans to slurp up academic expertise