Commissioner v Uber Technologies (cross-border breach)
determination30 July 2021
Respondent
Uber Technologies Inc; Uber B.V.
Facts
Uber failed to protect personal information of 1.2M Australian customers/drivers in the 2016 breach, and concealed the breach for over a year by paying the attacker as a 'bug bounty'.
Outcome
Commissioner determined breaches of APP 11 and Australian regime applied; Uber required to engage an independent expert and implement remediation.
Read the source
https://oaic.gov.au/privacy/privacy-decisions/privacy-determinations/uber-technologies-incRules Mate links to the regulator's own publication. We do not republish full decision text. Always verify the latest status against the source before acting.