Uber has agreed to pay $148m in order to resolve an investigation into the 2016 data breach, which it was accused of deliberately concealing.
Settlements with all 50 state attorneys general and Washington, DC will be divided amongst the states. According to New York Attorney General, it’s the biggest ever settlement for a multi-state breach of data.
It was claimed that ride-sharing company had violated notification laws at the state level by concealing that hackers stole personal data of 57 millions users in 2016.
Uber didn’t disclose the breach until late 2017 when it revealed that Uber paid hackers $100,000 for the destruction of the data. Uber settled with the Federal Trade Commission in April. The FTC was looking into claims Uber had deceived its customers about this data breach.
Uber agreed as part of its settlement to create and implement an integrity program that encourages employees to report any unethical conduct. The settlement also included Uber’s agreement to implement model data breach notifications and data security policies, along with hiring an independent third-party to evaluate its data security.
In a statement to the press, New York Attorney General Barbara D. Underwood stated that “this record settlement” should be a message of clear intent: We have no tolerance for anyone who would skirt the laws and expose consumer or employee data. New York is set to receive about $5.1million of the settlement.
Uber’s chief legal officer Tony West said in a blog post that the disclosure of the incident not only was the right thing to have done, but it also embodied the principles we use to run our company today, which are transparency, accountability, and integrity. We’ll keep investing in security measures to protect our customers’ data and to maintain a collaborative and constructive relationship with all governments.
Uber is attempting to improve its practices. Uber, for instance, finally hired its first chief privacy officer in July: Ruby Zefo. She became Uber’s highest-ranking executive responsible for privacy. Matt Olsen was also hired as the chief trust officer and security officer.
