The Office of the Australian Information Commissioner (OAIC) has handed down its determination that Uber interfered with the privacy of over 1 million Australians in 2016.
Australia’s Information Commissioner and Privacy Commissioner Angelene Falk on Friday said US-based Uber Technologies Inc and Dutch-based Uber B.V. failed to appropriately protect the personal data of an estimated 1.2 million Australian customers and drivers, when it was accessed from a breach in October and November 2016.
It came to light in late 2017 that hackers had stolen data pertaining to 57 million Uber riders worldwide, as well data on more than 600,000 drivers. Instead of notifying those impacted, Uber concealed the breach for more than a year and paid a hacker to keep it under wraps.
While Uber required the attackers to destroy the data and there was no evidence of further misuse, OAIC said its investigation focused on whether Uber had preventative measures in place to protect Australians’ data.