Uber agrees to $148m settlement in US over data breach

2018-09-27 06:19

Uber will pay $148m and tighten data security after the ride-hailing company failed for a year to notify drivers that hackers had stolen their personal information, according to a settlement announced on Wednesday.

Uber Technologies Inc. reached the agreement with all 50 states and the District of Columbia after a massive data breach in 2016. Instead of reporting it, Uber hid evidence of the theft and paid ransom to ensure the data wouldn't be misused.

"This is one of the most egregious cases we've ever seen in terms of notification; a yearlong delay is just inexcusable," Illinois Attorney General Lisa Madigan told The Associated Press. "And we're not going to put up with companies, Uber or any other company, completely ignoring our laws that require notification of data breaches."

Uber, whose GPS-tracked drivers pick up riders who summon them from cellphone apps, learned in November 2016 that hackers had accessed personal data, including driver's license information, for roughly 600 000 Uber drivers in the US.

The company acknowledged the breach in November 2017, saying it paid $100 000 in ransom for the stolen information to be destroyed.

The hack also took the names, email addresses and cellphone numbers of 57 million riders around the world. After significant management changes in the past year, Tony West, Uber's chief legal officer, said the decision by current managers was "the right thing to do."

"It embodies the principles by which we are running our business today: transparency, integrity, and accountability," West said. "An important component of living up to those principles means taking responsibility for past mistakes, learning from them, and moving forward."

The settlement requires Uber to comply with state consumer protection laws safeguarding personal information and to immediately notify authorities in case of a breach; to establish methods to protect user data stored on third-party platforms and create strong password-protection policies. The company also will hire an outside firm to conduct an assessment of Uber's data security and implement its recommendations.

West said the commitments in the settlement coincide with physical and digital safety improvements the company recently announced. Uber hired a longtime in-house counsel for intel as chief its privacy officer and selected a former general counsel to the National Security Agency and director of the National Counterterrorism Center as the company's chief trust and security officer.

The settlement payout will be divided among the states based on the number of drivers each has. Illinois' share is $8.5m, said Madigan, who plans to provide $100 to each affected Uber driver in Illinois. The payout was similar to what several other states had estimated.

Read more on:    uber  |  us

Join the conversation!

24.com encourages commentary submitted via MyNews24. Contributions of 200 words or more will be considered for publication.

We reserve editorial discretion to decide what will be published.
Read our comments policy for guidelines on contributions.
NEXT ON NEWS24X

Inside News24

 
/News
Traffic Alerts
There are new stories on the homepage. Click here to see them.
 
English
Afrikaans
isiZulu

Hello 

Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.


Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.

Settings

Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.




Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.