Uber Settles With US for $148 Million Over 2016 Rider Data Breach

Sep 26, 2018

This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. Terms apply to the offers listed on this page. For an explanation of our Advertising Policy, visit this page.

Ride-sharing giant Uber has settled with all 50 US states after failing to disclose it had a massive data breach.

In November 2017, Uber revealed that it had been hacked and that attackers stole information from 57 million riders and drivers including phone numbers, email addresses and driver’s license numbers. Uber covered up the attack by paying $100,000 to the hackers to destroy and not release the information, an illegal act in all US states.

The states will divide the $148 million settlement — New York will will receive about $5.1 million and California will get $26 million from Uber.

“Our current management team’s decision to disclose the incident was not only the right thing to do, it embodies the principles by which we are running our business today: transparency, integrity, and accountability,” wrote Tony West, Uber’s chief legal officer in a post on Uber’s website. “An important component of living up to those principles means taking responsibility for past mistakes, learning from them, and moving forward.”

As part of the settlement, Uber will have to “develop and implement a corporate integrity program for employees to report unethical behavior,” reports CNN. That’s in addition to implementing a better data breach notification system and hiring an independent organization to analyze Uber’s data security.

West pointed to Uber’s hiring of Ruby Zefo as chief privacy officer and Matt Olsen as chief trust and security officer as signs that the company is committed to safety. Current CEO Dara Khosrowshahi fired two of the company’s top security officials after details of the breach were made public.

“This record settlement should send a clear message: We have zero tolerance for those who skirt the law and leave consumer and employee information vulnerable to exploitation,” New York Attorney General Barbara D. Underwood said in a statement.

H/T: Wall Street Journal

Featured image by Justin Sullivan / Getty Images.

Chase Sapphire Preferred® Card

WELCOME OFFER: 80,000 Points

TPG'S BONUS VALUATION*: $1,600

CARD HIGHLIGHTS: 3X points on dining and 2x points on travel, points transferrable to over a dozen travel partners

*Bonus value is an estimated value calculated by TPG and not the card issuer. View our latest valuations here.

Apply Now
More Things to Know
  • Earn 80,000 bonus points after you spend $4,000 on purchases in the first 3 months from account opening. That's $1,000 when you redeem through Chase Ultimate Rewards®.
  • Enjoy benefits such as a $50 annual Ultimate Rewards Hotel Credit, 5x on travel purchased through Chase Ultimate Rewards®, 3x on dining and 2x on all other travel purchases, plus more.
  • Get 25% more value when you redeem for airfare, hotels, car rentals and cruises through Chase Ultimate Rewards®. For example, 80,000 points are worth $1,000 toward travel.
  • With Pay Yourself Back℠, your points are worth 25% more during the current offer when you redeem them for statement credits against existing purchases in select, rotating categories
  • Count on Trip Cancellation/Interruption Insurance, Auto Rental Collision Damage Waiver, Lost Luggage Insurance and more.
Regular APR
16.24% - 23.24% Variable
Annual Fee
$95
Balance Transfer Fee
Either $5 or 5% of the amount of each transfer, whichever is greater.
Recommended Credit
Excellent/Good

Editorial Disclaimer: Opinions expressed here are the author’s alone, not those of any bank, credit card issuer, airlines or hotel chain, and have not been reviewed, approved or otherwise endorsed by any of these entities.

Disclaimer: The responses below are not provided or commissioned by the bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser’s responsibility to ensure all posts and/or questions are answered.