British and Dutch regulators on Tuesday fined ride-hailing service Uber for failing to protect customers' personal information during a 2016 cyber attack involving millions of users.
The Information Commissioner's Office (ICO) in Britain slapped a £385,000 ($490,759.50) fine on the firm, while the Dutch Data Protection Authority imposed a fine of â¬600,000 ($678,780.00) on Uber. The combined total is around $1.17 million.
Uber revealed last year that around 2.7 million people in the UK were affected by the 2016 data breach that it kept secret until 2017. The records of almost 82,000 drivers based in the UK were also taken, the ICO said.
Read more: Uber has estimated 2.7 million people in the UK were affected by its massive data breach
In total, hackers stole details belonging to 50 million riders and seven million drivers, as well as customer information.
"This was not only a serious failure of data security on Uber's part, but a complete disregard for the customers and drivers whose personal information was stolen," said the ICO's Director of Investigations Steve Eckersley.
"At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable."
Earlier this year, Uber paid $148 million to settle the hack in the US after failing to disclose it properly. The company reached the agreement with all 50 states and the District of Columbia.
Business Insider has contacted Uber for comment.