Skip to content
Go to Home Page
News

Uber Settles With US for $148 Million Over 2016 Rider Data Breach

Brendan Dorsey
Brendan Dorsey
Contributor
Born and raised in Northern California, schooled in our Nation's capital, and currently working in the greatest city in the world - NYC. I was instantly hooked to traveling the second I stepped foot in Europe. The addiction only grew once I found out I could do it for free, all on points and miles. I could also eat bagels for every meal.
Sept. 26, 2018
2 min read
Uber-headquarters-lawsuit-sexual-harassment
Uber Settles With US for $148 Million Over 2016 Rider Data Breach
The cards we feature here are from partners who compensate us when you are approved through our site, and this may impact how or where these products appear. We don’t cover all available credit cards, but our analysis, reviews, and opinions are entirely from our editorial team. Terms apply to the offers listed on this page. Please view our advertising policy and product review methodology for more information.

Ride-sharing giant Uber has settled with all 50 US states after failing to disclose it had a massive data breach.

In November 2017, Uber revealed that it had been hacked and that attackers stole information from 57 million riders and drivers including phone numbers, email addresses and driver's license numbers. Uber covered up the attack by paying $100,000 to the hackers to destroy and not release the information, an illegal act in all US states.

The states will divide the $148 million settlement — New York will will receive about $5.1 million and California will get $26 million from Uber.

"Our current management team's decision to disclose the incident was not only the right thing to do, it embodies the principles by which we are running our business today: transparency, integrity, and accountability," wrote Tony West, Uber's chief legal officer in a post on Uber's website. "An important component of living up to those principles means taking responsibility for past mistakes, learning from them, and moving forward."

As part of the settlement, Uber will have to "develop and implement a corporate integrity program for employees to report unethical behavior," reports CNN. That's in addition to implementing a better data breach notification system and hiring an independent organization to analyze Uber's data security.

West pointed to Uber's hiring of Ruby Zefo as chief privacy officer and Matt Olsen as chief trust and security officer as signs that the company is committed to safety. Current CEO Dara Khosrowshahi fired two of the company's top security officials after details of the breach were made public.

Daily Newsletter
Reward your inbox with the TPG Daily newsletter
Join over 700,000 readers for breaking news, in-depth guides and exclusive deals from TPG’s experts

"This record settlement should send a clear message: We have zero tolerance for those who skirt the law and leave consumer and employee information vulnerable to exploitation," New York Attorney General Barbara D. Underwood said in a statement.

H/T: Wall Street Journal

Featured image by Getty Images