My wonderful garden produce is coming to an end
Attack on Facebook exposes 50 million users’ accounts

Uber to pay a record $148 million settlement for not disclosing 2016 data breach

UberUber settled charges Wednesday it concealed a 2016 data breach in violation of notification laws. The settlement, which was reached with 50 states and the District of Columbia, requires Uber to adopt data breach notification and data security practices and have its data security reviewed by an outside company. Uber also is required to pay a record $148 million penalties.

“New Yorkers deserve to know that their personal information will be protected – period,” said New York Attorney General Barbara D. Underwood. “This record settlement should send a clear message: we have zero tolerance for those who skirt the law and leave consumer and employee information vulnerable to exploitation.”

In November 2016, hackers based in the United States and Canada secretly informed security officials at Uber that they’d downloaded the personal information of 57 million riders and drivers, 25 million in the United States and 7.7 million drivers. The information stolen included names, email addresses, and mobile phone numbers; drivers’ license information on about 600,000 drivers nationwide were also stolen. After providing proof of the massive data breach, the hackers demanded “six figures” to delete the data and not disclose the breach. Uber paid the hackers $100,000 to conceal the breach.

In the spring of 2017, Uber’s board of directors directed a law firm to investigate Uber’s security team due to an unrelated lawsuit on the alleged theft of trade secrets for self-driving cars. As part of the inquiry, the law firm learned of the breach and ransom payment. Then the board hired a forensic firm to investigate the breach. Uber provided notice of the breach in late November 2017, a year after it occurred.


Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)