Uber has struck a monumental deal, agreeing to shell out a staggering $148 million to resolve an extensive investigation surrounding a 2016 data breach, a breach that the company is accused of deliberately keeping under wraps. This settlement, hailed as the largest of its kind involving multiple states, comes through an accord with attorneys general from all fifty states plus Washington, D.C.
The spotlight of scrutiny was cast upon Uber due to allegations that it had flouted state-level notification laws, choosing instead to suppress the troubling news that hackers had made off with the personal details of 57 million users back in 2016. The unsettling reality did not see the light of day until late 2017, when Uber belatedly admitted to paying the cybercriminals $100,000 to obliterate the stolen data—a move that has sparked considerable outrage.
In a further twist, back in April, Uber reached a separate agreement with the Federal Trade Commission, which had been delving into accusations that Uber misled its clientele regarding this alarming breach.
As part of this sweeping settlement, Uber has committed to establishing a robust corporate integrity program designed to empower employees to report unethical practices. Additionally, the company has vowed to adopt best practices related to data breach notifications and data security, along with engaging an independent third party to evaluate its data protection measures.
“This record settlement should send a clear message: we have zero tolerance for those who skirt the law and leave consumer and employee information vulnerable to exploitation,” declared New York Attorney General Barbara D. Underwood in a press release. New York stands to benefit significantly, receiving approximately $5.1 million from the payout.
In a blog post on Wednesday, Uber’s Chief Legal Officer, Tony West, asserted, “Our current management team’s decision to disclose the incident was not only the right thing to do; it embodies the principles by which we are running our business today: transparency, integrity, and accountability. We will persist in investing in protections to keep our customers and their data safe and secure, and we’re dedicated to fostering a constructive and cooperative relationship with governments worldwide.”
This settlement arrives as Uber endeavors to overhaul its troubled practices. In a notable shift, the ride-hailing giant appointed a chief privacy officer earlier in July—Ruby Zefo now helms Uber’s efforts aimed at safeguarding user privacy. Moreover, Matt Olsen has stepped in as the chief trust and security officer, signaling a reinvigorated commitment to data protection amid rising scrutiny.
