Business leaders know that their success is pinned to the strength of the brand and its balance sheet. And when cyberattacks or data breaches land, there’s usually fallout. Two companies that are deep in that mess right now are Uber and Facebook.

Today, British and Dutch officials levied fines on Uber for its 2016 data breach that revealed personal details of nearly 60 million users and drivers. What had made that breach even more egregious was that Uber had paid the cybercriminals $100,000 to delete the stolen data and keep the whole incident secret. For its actions, Uber was hit with a combined penalty of US$ 1.17 million. This latest penalty comes on top of a settlement announced in the US in September for $148 million.

Meanwhile, elsewhere in Europe, policymakers from nine countries gathered in London for a joint hearing to address Facebook’s mishandling of users’ personal information and its propagation of fake news and misinformation. While the social media firm’s CEO declined to attend, regulators let loose on Facebook’s vice president of policy solutions, who did show up. Sharp rebukes came from around the world, blasting Facebook for its role in providing a platform for hate speech and misinformation that sways elections and triggers violence.

In October, the UK fined Facebook £500,000 (about $645,000) for the Cambridge Analytica debacle, in which the personal information of about 87 million people was accessed. While that fine is relatively small, it was the maximum amount allowed under today’s laws. Newer laws will make such fines steeper in the future, according to Gizmodo. “The miniscule fine was the most allowed under the law, but Facebook can probably find that kind of money in its couch cushions. Based on last year’s revenue, Facebook makes $645,000 in less than 9 minutes of operation.”

US senators are set to conduct their own hearing, as well. The plan, according to The Washington Post, is “grilling members of the Federal Trade Commission, the agency that’s currently investigating Facebook for its privacy mishaps.”

As fines get steeper, and regulators, investors, and consumers become more outraged with cybersecurity mismanagement that affects lives, the businesses impact will likely be more severe.