British and Dutch authorities levied the fines on Uber for the way it handled a 2016 cyberattack that allowed hackers to access the full names, email addresses, and phone numbers of 2.7 million U.K. users and 174,000 users in the Netherlands, reports CNBC. That 2016 data breach saw 57 million users and drivers worldwide have their data stolen. Oh, and Uber paid the hackers $100,000 to delete the data and conceal the hack.
While British and Dutch authorities said that while Uber failed “to protect customers’ personal information during a cyberattack,” their main complaint leading to the fines was that Uber hid the attack from the public for more than a year, not admitting to it until November 2017.
This past September Uber agreed to pay a $148 million fine in the U.S. for the same breach. As for the British and Dutch fines Uber must now pay–well, the company dodged a bullet. Because the cyberattack occurred in 2016, Europe’s GDPR rules were not in place yet. Had they been, Uber would have been liable for fines totaling 4% of its global revenue.