American and UK Companies Face Escalating Regulatory Fines for Data Breaches

Uber has agreed to settle a U.S. nationwide investigation into its 2016 data breach for $148 million. The ridesharing company’s 2016 breach led to the leak of personal data of 57 million Uber users and drivers, yet the company kept the breach undisclosed for two years and intentionally refrained from informing consumers and regulators, in violation of state data breach notification laws. The investigation was led by the Attorneys General of all 50 states and the District of Columbia.

Meanwhile, on the other side of the Atlantic, the UK Information Commissioner’s Office (ICO) – the British privacy watchdog – imposed a £500,000 fine on Equifax’s UK operations in the wake of Equifax’s monumental 2017 data breach. The breach not only impacted 143 million Americans but also more than 17 million Britons whose personal data had leaked. The ICO alleged that Equifax had failed to adequately secure the data and had retained an excessive and unnecessary scope of personal data over time – both of which are data protection violations that the ICO found to have contributed to the breach.