The ICO has confirmed UK users are among those affected by a giant data breach that was covered up by Uber late last year

Uber data breach

The UK’s Information Commissioners Office (ICO) has confirmed that people in the UK have been affected by a giant Uber data breach.

Some 57m users are affected worldwide, as well as 600,000 drivers in the US.

Uber chief executive Dara Khosrowshahi has confirmed that the breach took place in late 2016.

Uber failed to alert regulators when the breach happened last year.

Khosrowshahi, who took on the role of chief executive this September, explained that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service used by Uber. They were able to download huge amounts of data.

In the UK, the ICO is working with the National Cyber Security Centre (NCSC) to work out the scale of the breach and to find what steps Uber needs to take to be compliant with data protection obligations.

In a statement, ICO deputy commissioner James Dipple-Johnstone said:  “It’s always the company’s responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers.”

“Deliberately concealing breaches from regulators and citizens could attract higher fines for companies,” Dipple-Johnstone added.

The scale of the breach is huge. In comparison, extramarital-affairs website Ashley Madison made global headlines when sensitive customer data for over 39m members was stolen in 2015. The data stolen included secual fantasies, home addresses, names and credit card details.

However, it is not the biggest data breach to ever occur. Internet giant Yahoo saw more than one billion user accounts compromised in a data breach dating back to August 2013.