The Uber office in Washington. Many tech start-ups, including Uber and Airbnb, have attracted massive investments by venture capital firms with the promise they will expand into China, India and other emerging markets. Image Credit: Bloomberg

The Hague: Britain and the Netherlands fined ride-hailing giant Uber more than one million euros (Dh4 million) on Tuesday for hiding a huge data breach for more than one year.

Hackers compromised customers' personal data from some 57 million riders and drivers worldwide in October and November 2016, but US-based Uber kept it secret until November 2017.

Dutch authorities fined Uber 600,000 euros and Britain imposed a 385,000 pound (435,000 euros) penalty, the two countries said in coordinated statements.

Britain's Information Commissioner's Office (ICO) said hackers stole the names, email addresses and phone numbers of 2.7 million customers in the UK from a cloud-based storage operated by Uber's US parent company.

"This was not only a serious failure of data security on Uber's part, but a complete disregard for the customers and drivers whose personal information was stolen," ICO Director of Investigations Steve Eckersley said.


customers and drivers were affected in the Netherlands by the breach.

"At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable."

Around 174,000 customers and drivers were affected in the Netherlands.

"The Uber group received the fine because it has not informed the agency and the parties involved within 72 hours of discovering the leak," the Dutch Data Protection Authority said.

Uber agreed in September to pay a $148 million penalty in the United States over the incident, described as the largest fine in a data breach settlement to date.

The company with an estimated value of more than $70 billion has been trying to burnish its reputation after a series of scandals over alleged misconduct and unethical practices.