CRAPSICAB COMPANY Uber has agreed to pay $148m (around £112m) to settle a data breach that affected some 57 million customers in 2016.
The mega-breach occurred in October 2016 and affected 50 million riders and seven million drivers. Drivers’ drivers’ names, email addresses, and phone numbers were compromised as a result, along with 600,000 driver license numbers for US drivers.
However, the breach wasn’t made public until November 2017, when it was revealed that it was deliberately hidden under the leadership of now-ousted CEO Travis Kalanick, who paid the hackers $100,000 to delete the data they collected.
The decision to disguise the hack was made at a time when Uber was already fighting several claims of privacy violations in the US.
On Wednesday, California authorities announced that Uber has agreed to pay $148m to settle legal claims surrounding the data breach and its subsequent cover-up, which will be divided across all 50 states and the District of Columbia. California, which helped lead the settlement, will get $26m.
“This is one of the most egregious cases we’ve ever seen in terms of notification; a yearlong delay is just inexcusable,” Lisa Madigan, the Illinois attorney general, told the Associated Press. “And we’re not going to put up with companies, Uber or any other company, completely ignoring our laws that require notification of data breaches.”
In addition to the $148m payout, Uber has agreed to take steps to change its corporate policies. This will include protecting any user data stored on third-party platforms, implementing strong password policies for employees, developing a strong overall data security policy for data collected about users and implementing a corporate integrity program.
The firm has also agreed to hire an outside party to regularly assess its data security efforts.
In a statement, Uber’s chief legal officer Tony West, said: “We know that earning the trust of our customers and the regulators we work with globally is no easy feat.
“We’ll continue to invest in protections to keep our customers and their data safe and secure, and we’re committed to maintaining a constructive and collaborative relationship with governments around the world.”
“Deliberately concealing breaches from regulators and citizens could attract higher fines for companies.” µ
Source : Inquirer