Uber Breached Australians' Privacy Following 2016 Attack
source link: https://news.softpedia.com/news/uber-found-to-have-breached-australians-privacy-following-2016-attack-533599.shtml
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Even tough the leak exposed the personal information of 57 million users and drivers, Uber was not fined by Australia
Uber experienced a data breach 5 years ago that affected over 57 million global users and drivers, including about 1.2 million Australian citizens, according to National Law Review.
The company notified the Office of the Australian Information Commissioner (OAIC) about the incident at the time. Then again, the agency said last Friday that Uber was found to be in violation of the Australian Privacy Act for failing to take any reasonable steps to prevent unauthorized access to Australian personal information.
No fine has been given, despite the infringement, Uber's decision not to inform the victims of the attack individually or report the incident in 2017. However, other jurisdictions have imposed massive fines for the violation, including the United States - $148 million and Great Britain - £385,000.
Uber has been required to develop a data infringement response plan, a security program for information, and rules and processes for the preservation and disposal of data, rather than being fined, by the Office of the Attorney General. The procedures are subject to independent oversight, whereby the OAIC considers to be beneficial.
Even though the data breach was huge, Australia chose not to punish Uber
It is noteworthy that Australia did not impose a monetary penalty despite the severity of the breach and the involvement of a major global business participant in the case.
Uber has strengthened its security rules and procedures after the decision was made and has been accredited to ISO 27001 since then. Following a recent wave of ransomware attacks, Uber has also opted to pay its attackers US$100,000 in order to get the stolen data from its consumers restored.
The Ransomware Payments Bill suggests that mandatory reporting of ransomware attacks would be beneficial in order to better monitor these types of breaches in Australia. It remains to be seen if such payments would have been subject to Australian regulatory supervision if the payment had not been made by the Australian subsidiary while working with a multinational corporation.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK