Uber Technologies Inc. has been fined $1.2 million by two European countries over a large data breach in 2016 that it failed to disclose until late 2017.

The data breach, revealed in November 2017, involved the theft of records, including the names and drivers license numbers of about 600,000 Uber drivers in the U.S. along with the personal information of 57 million Uber users worldwide.

Worse still, it was also revealed that Uber’s then-chief security officer paid those behind the hack $100,000 to delete the stolen data and keep the breach quiet.

The fines came from two countries, the U.K. and the Netherlands. The U.K.’s Information Commissioner’s Office fined Uber £385,000 ($490,500) for “failing to protect customers’ personal information during a cyberattack” while the Dutch Data Protection Authority imposed a fine of €600,000 ($677,500) for violating Dutch data protection laws.

The ICO noted in a press release that the hack resulted in the personal details of about 2.7 million U.K. Uber customers being stolen as well as the records of 82,000 drivers based in the U.K., including details of journeys made and how much they were paid.

“This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen,” ICO Director of Investigations Steve Eckersley said. “At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable.”

Uber, which under the leadership of Chief Executive Officer Dara Khosrowshahi has continued to attempt to purge the sins of its troubled past, actually welcomed the fines.

“We’re pleased to close this chapter on the data incident from 2016,” Uber said in a statement reported by Gizmodo. “As we shared with European authorities during their investigations, we’ve made a number of technical improvements to the security of our systems both in the immediate wake of the incident as well as in the years since. We’ve also made significant changes in leadership to ensure proper transparency with regulators and customers moving forward.”

Earlier this year, the company added, it hired its first chief privacy officer, data protection officer and a new chief trust and security officer. “We learn from our mistakes and continue our commitment to earn the trust of our users every day,” the company said.

Photo: Pexels