Uber to Pay Record $148 Million Fine for Concealing 2016 Data Breach

Illustration for article titled Uber to Pay Record $148 Million Fine for Concealing 2016 Data Breach
Photo: AP

Uber will pay a $148 million fine as part of a settlement reached with state law enforcement officials over allegations it attempted to conceal a 2016 data breach affecting millions of its users, the company said.

Advertisement

The rideshare company has also agreed to adopt new data security and breach notification policies, not limited to the hiring of a third-party auditor to regularly assess its practices. Additionally, the settlement requires Uber to develop and implement a “corporate integrity program” designed to aid employees who seek to report ethics concerns.

In November, it was revealed that Uber had, in early 2016, paid off “hackers” who gained access to the personal data of 57 million Uber riders, including email addresses, phone numbers, and drivers licenses numbers. Disclosure of the secret payment, $100,000, led to the firing of multiple executives.

Advertisement

In a statement, Uber Chief Legal Officer Tony West said that he was “pleased” to announce the settlement while praising the company’s “current management” over its decision to disclose the incident. “We know that earning the trust of our customers and the regulators we work with globally is no easy feat,” he said. “After all, trust is hard to gain and easy to lose.”

Citing recent hires Ruby Zefo and Matt Olsen—Uber’s new chief privacy officer and chief trust & security officer, respectively—West said the company will continue to invest in its security and remains committed “to maintaining a constructive and collaborative relationship with governments around the world.”

The New York State Attorney General’s office said it played a lead role in securing the settlement, which involves 50 states plus the District of Columbia. The office had been probing the Uber breach independently before joining the multistate investigation run by the attorneys general.

“This record settlement should send a clear message: we have zero tolerance for those who skirt the law and leave consumer and employee information vulnerable to exploitation,” New York Attorney General Barbara Underwood said in a statement. “We’ll continue to fight to protect New Yorkers from weak data security and criminal hackers.”

Advertisement

News of the settlement came as executives for Apple, Google, Amazon, and other leading tech companies testified on Capitol Hill about the need for a national privacy law that would also create a single breach notification policy for the entire country, replacing the confusing patchwork of state laws currently protecting consumers.

Senior Reporter, Privacy & Security

Share This Story

Get our newsletter

DISCUSSION

wonderzimms
WonderZimms

“After all, trust is hard to gain and easy to lose.”

Sure is. I haven’t used Uber since the data breach was announced (not because of the breach, but because of the massive delay in reporting it). I see no reason to go back.