TechCrunch Desktop Logo
TechCrunch Mobile Logo

French data protection watchdog fines Uber $460,000 for data breach

Romain Dillet

One by one, European countries are slapping Uber with a penalty for the way it handled its 2016 data breach. Today, France’s data protection watchdog, the CNIL, announced it was fining Uber $460,000 (€400,000).

This event was a combination of bad security with bad reaction and good timing. Back in 2016, Uber faced a data breach that affected 57 million users, including 1.4 million users in France.

According to the CNIL’s report, hackers managed to connect to Uber’s GitHub repositories using some employee’s login and password. They then managed to connect to Uber’s Amazon Web Services account and download user data.

How? Very simple. AWS login information was stored in plain text on GitHub.

Two hackers behind 2016 Uber data breach have been indicted for another hack

The CNIL said that it could have been avoided if:

Techcrunch event

Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025

Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch, and a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.

Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025

Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.

San Francisco | October 27-29, 2025
REGISTER NOW
  • Uber had made two-factor authentication mandatory for the private GitHub repositories.
  • Uber didn’t store AWS login information in plain text on GitHub.
  • Uber used an IP whitelist to connect to AWS.

Uber first tried to cover up the breach by paying hackers $100,000 to make them delete the data set. It eventually disclosed the breach last year.

The only good news for Uber is that the breach happened slightly too early for European Union’s GDPR. Right now, if a company doesn’t report a breach to relevant authorities within 72 hours, they can end up paying a fine of up to 4 percent of the company’s global annual turnover.

British and Dutch authorities previously fined Uber $490,000 and $690,000 respectively (£385,000 and €600,000). Overall, it represents $1.6 million in fines.

Uber’s bill for 2016 breach and cover-up rises by $1M+ on EU fines

Topics

, , , , , ,
Romain Dillet
Romain Dillet was a Senior Reporter at TechCrunch until April 2025. He has written over 3,500 articles on technology and tech startups and has established himself as an influential voice on the European tech scene. He has a deep background in startups, AI, fintech, privacy, security, blockchain, mobile, social and media. With thirteen years of experience at TechCrunch, he’s one of the familiar faces of the tech publication that obsessively covers Silicon Valley and the tech industry — his career started at TechCrunch when he was 21. Based in Paris, many people in the tech ecosystem consider him as the most knowledgeable tech journalist in town. Romain likes to spot important startups before anyone else. He was the first person to cover Revolut, Alan and N26. He has written scoops on large acquisitions from Apple, Microsoft and Snap. When he’s not writing, Romain is also a developer — he understands how the tech behind the tech works. He also has a deep historical knowledge of the computer industry for the past 50 years. He knows how to connect the dots between innovations and the effect on the fabric of our society. Romain graduated from Emlyon Business School, a leading French business school specialized in entrepreneurship. He has helped several non-profit organizations, such as StartHer, an organization that promotes education and empowerment of women in technology, and Techfugees, an organization that empowers displaced people with technology.
View Bio
October 27-29, 2025
San Francisco


ONE-WEEK BUNDLE FLASH SALE

Founder Bundle Offer: Land your investor and sharpen your pitch. Save 15% when you bring 4-9 founders.

Investors Bundle Offer: Discover your next breakout startup. Save 20% when you bring 4-9 investors.

Bundle offer ends October 3.

Register Now
Loading the next article
Error loading the next article