Uber Settles With US for $148 Million Over 2016 Rider Data Breach

Ride-sharing giant Uber has settled with all 50 US states after failing to disclose it had a massive data breach.

In November 2017, Uber revealed that it had been hacked and that attackers stole information from 57 million riders and drivers including phone numbers, email addresses and driver’s license numbers. Uber covered up the attack by paying $100,000 to the hackers to destroy and not release the information, an illegal act in all US states.

The states will divide the $148 million settlement — New York will will receive about $5.1 million and California will get $26 million from Uber.

“Our current management team’s decision to disclose the incident was not only the right thing to do, it embodies the principles by which we are running our business today: transparency, integrity, and accountability,” wrote Tony West, Uber’s chief legal officer in a post on Uber’s website. “An important component of living up to those principles means taking responsibility for past mistakes, learning from them, and moving forward.”

As part of the settlement, Uber will have to “develop and implement a corporate integrity program for employees to report unethical behavior,” reports CNN. That’s in addition to implementing a better data breach notification system and hiring an independent organization to analyze Uber’s data security.

West pointed to Uber’s hiring of Ruby Zefo as chief privacy officer and Matt Olsen as chief trust and security officer as signs that the company is committed to safety. Current CEO Dara Khosrowshahi fired two of the company’s top security officials after details of the breach were made public.

“This record settlement should send a clear message: We have zero tolerance for those who skirt the law and leave consumer and employee information vulnerable to exploitation,” New York Attorney General Barbara D. Underwood said in a statement.

H/T: Wall Street Journal

Featured image by Justin Sullivan / Getty Images.