Ride sharing company Uber was handed a £385,000 fine
from the Information Commissioner’s Office (ICO), the
UK’s data protection watchdog, for having failed to protect
customers’ personal information during a cyberattack.
The ICO said a series of avoidable data security flaws
allowed the personal details of around 2.7 million UK
customers to be accessed and downloaded by attackers
from a cloud-based storage system operated by Uber’s US
parent company. This included full names, email addresses
and phone numbers.
An Uber spokesperson said the company had made a
number of technical improvements to the security of its
systems both in the immediate wake of the incident as well
as in the years since.
It has also hired a chief privacy officer, data protection
officer and a new chief trust and security officer, stating
the company is continuing in its commitment to earn
the trust of its users.
Question and answer website
Quora announced it had discovered
that some user data was compromised
as a result of unauthorised access to one
of its systems by a malicious third party.
For approximately 100 million Quora users,
the following information may have been
• Account information, e.g. name, email
address, encrypted (hashed) password,
data imported from linked networks when authorised by users
• Public content and actions, e.g. questions, answers,
• Non-public content and actions, e.g. answer requests, downvotes,
The company said it is still investigating the precise causes of the breach
and, in addition to the work being conducted by internal security teams, it
has retained a leading digital forensics and security firm to assist it.