Ride-sharing giant Uber will pay a $148 million in fines amid its promise to increase its data security after failing to notify drivers that their personal information had been stolen by hackers.
In an unprecedented settlement, the company reached an agreement with all 50 United States and the District of Columbia following a data breach from 2016 for its part in not reporting the incident and hiding evidence of the theft before paying a ransom to prevent data misuse.
Illinois attorney general Lisa Madigan told the Associated Press:
This is one of the most egregious cases we’ve ever seen in terms of notification; a yearlong delay is just inexcusable. And we’re not going to put up with companies, Uber or any other company, completely ignoring our laws that require notification of data breaches.
The 2016 hack has seen the compromise of personal data – including license information – of over half a million drivers in the United States. Further, the hack also stole the names, email addresses and cellphone numbers of 57 million riders from around the world.
Although it learned of the hack in November 2016, it only acknowledged the breach publicly in November 2017. Uber then paid $100,000 in ransom for the stolen personal information to be destroyed.
The settlement also mandates Uber to comply with consumer protection laws in multiple states to safeguard personal information. The company is also required to immediately notify authorities in case of a breach. The company is to also establish methods to protect user data store don third-party platforms alongside password-protection policies. Further, Uber will also need to hire an outside forensics firm to conduct an assessment of its data security measures.
The settlement payout will be divided between the states corresponding to the number of drivers present in each state. Each driver is expected to receive $100 in Illinois, whose share is $8.5 million.
Image credit: Pexels.