Taiwan car rental, carshare platform iRent fined NT$200,000 for data leak

台灣汽車租賃、共乘平台iRent因資料外洩被罰新台幣20萬元

Highway Directorate General confirms iRent did not take appropriate cyber security measures


TAIPEI (Taiwan News) — The Directorate General of Highway is issuing a NT$200,000 (US$7200) fine to iRent, a car rental and carshare service, after confirming the company failed to come up with a satisfactory user data protection plan, which led to a data leak.

Following an audit conducted on Saturday (Feb. 4), the Directorate General of Highway confirmed that the company did not have a comprehensive personal information security maintenance plan in place according to the Personal Data Protection Act and the Regulations on Automobile Transportation Business Personal Data File Security Maintenance Plan and Management. Due to this issue, 400,000 personal data entries were exposed online.

According to TechCrunch, a cloud server containing 4.2 terabytes of user data including names, phone numbers, addresses, driver's licenses, and payment details had not been password protected, leaving it open for anyone who knew its IP address. Due to the severity of the incident, iRent received the maximum penalty of NT$200,000, and is subject to more if it does not rectify the issue by Feb. 28.

Meanwhile, Taipei City Government announced that it has also issued a maximum fine of NT$90,000 to the company for violating the Regulations on Taipei Shared Transportation Service Provider Management.

SETNews reported that in response to the penalty, iRent said it received a notice from the Directorate General of Highway on Feb. 1 requiring it to provide a plan to improve customers’ personal data protection within two days. However, it was unable to submit all the documents required until Monday (Feb. 6).

Having received the penalty notice, iRent promised to improve its cyber security to avoid the data leak from happening again.