Skip to content
Go to Home Page
News

Uber Settles With US for $148 Million Over 2016 Rider Data Breach

Brendan Dorsey
Articles
Brendan Dorsey is an Associate News Editor at TPG who covers nearly everything for TPG including aviation, credit cards, points, miles, ride-hailing services and more. He previously worked for TIME.
Sept. 26, 2018
2 min read
Uber Settles With US for $148 Million Over 2016 Rider Data Breach
This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. Terms apply to the offers listed on this page. For an explanation of our Advertising Policy, visit this page.

Ride-sharing giant Uber has settled with all 50 US states after failing to disclose it had a massive data breach.

In November 2017, Uber revealed that it had been hacked and that attackers stole information from 57 million riders and drivers including phone numbers, email addresses and driver's license numbers. Uber covered up the attack by paying $100,000 to the hackers to destroy and not release the information, an illegal act in all US states.

The states will divide the $148 million settlement — New York will will receive about $5.1 million and California will get $26 million from Uber.

"Our current management team’s decision to disclose the incident was not only the right thing to do, it embodies the principles by which we are running our business today: transparency, integrity, and accountability," wrote Tony West, Uber's chief legal officer in a post on Uber's website. "An important component of living up to those principles means taking responsibility for past mistakes, learning from them, and moving forward."

As part of the settlement, Uber will have to "develop and implement a corporate integrity program for employees to report unethical behavior," reports CNN. That's in addition to implementing a better data breach notification system and hiring an independent organization to analyze Uber's data security.

West pointed to Uber's hiring of Ruby Zefo as chief privacy officer and Matt Olsen as chief trust and security officer as signs that the company is committed to safety. Current CEO Dara Khosrowshahi fired two of the company's top security officials after details of the breach were made public.

Sign up for our daily newsletter

“This record settlement should send a clear message: We have zero tolerance for those who skirt the law and leave consumer and employee information vulnerable to exploitation,” New York Attorney General Barbara D. Underwood said in a statement.

H/T: Wall Street Journal

Featured image by Getty Images

Top offers from our partners

How we chose these cards

Our points-obsessed staff uses a plethora of credit cards on a daily basis. If anyone on our team wouldn’t recommend it to a friend or a family member, we wouldn’t recommend it on The Points Guy either. Our opinions are our own, and have not been reviewed, approved, or endorsed by our advertising partners.
See all best card offers
Related stories
Guide
Amex Blue Cash Preferred card review: Generous bonus categories and a solid welcome offer
Southwest plane on tarmac
News
Will air travelers get more protections? 2 US senators push passengers bill of rights
Guide
Wells Fargo Autograph Card review: Quality perks with no annual fee
A couple enjoys a candle-lit dinner
News
Use this Amex Offer for a free meal worth $50 — or maybe more with referrals