Uber hack: The UK's top cyber crime and data authorities are investigating the massive data breach

Lynsey Barber
Follow Lynsey
The data of 50m Uber users was hacked (Source: Getty)

UK authorities have launched an investigation into the massive hack of Uber which left the data of 50m customers vulnerable.

The Information Commissioner's Office (ICO) has launched a probe of the incident which it said raises "huge concerns" when it comes to ethics and data privacy.

And GCHQ's National Cyber Security Centre (NCSC) will be looking at the breach along with the National Crime Agency (NCA).

“Companies should always report any cyber attacks to the NCSC immediately. The more information a company shares in a timely manner, the better able we are to support them and prevent others falling victim," said a spokesperson for the government agency.

Read more: Uber just admitted it covered up a hack into 57m accounts

“We are working closely with other agencies including the NCA and ICO to investigate how this breach has affected people in the UK and advise on appropriate mitigation measures.

It added that it has not seen evidence that financial details have been compromised "based on current information".

In a strongly worded statement, the ICO's deputy commissioner James Dipple- Johnstone warned that deliberately concealing a breach could result in larger fines.

The hack has only just come to light, but took place late last year and is the latest in a series of scandals for the firm. Uber boss Dara Khosrowshahi, who has only been in the job a couple of months has apologised.

Dipple-Johnstone also signalled that Uber should have alerted it to how UK consumers are affected. The ICO is the official data watchdog and has the power to levy fines against companies.

Here's what the ICO's Dipple- Johnstone said in full in a statement:

"Uber's announcement about a concealed data breach last October raises huge concerns around its data protection policies and ethics.

"It's always the company's responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers. If UK citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed.

Read more: Everything you need to know about the Uber hack

"We'll be working with the NCSC plus other relevant authorities in the UK and overseas to determine the scale of the breach, how it has affected people in the UK and what steps need to be taken by the firm to ensure it fully complies with its data protection obligations.

"Deliberately concealing breaches from regulators and citizens could attract higher fines for companies."

In addition to a fine, Uber could face legal claims as a result of the breach.

“In legal terms those affected may have claims for compensation for the distress caused and any losses suffered as a result of the misuse of their private information and breach of the Data Protection Act," said Sean Humber, a data protection expert from Leigh Day.

"Uber clearly have many questions to answer with regard to the failure to hold customers’ and drivers’ personal information securely as well as a failure to report the breach to the relevant regulatory authorities and notify those affected."

Related articles