Uber settles with US states for silenced data breach from 2016

Spread the love

Uber has reached a settlement with all 50 US states not to be prosecuted for a major data breach from 2016. The company tried to keep this incident under wraps, including by allegedly paying the hackers money.

Uber will pay all states a sum totaling to $148 million, Reuters reports. Converted, that equates to 125 million euros. Prosecutors from the US states have never reached such a high joint settlement amount in similar privacy cases involving large-scale data theft. Several states, including Washington, were already suing Uber.

As part of the settlement, Uber will be required to report all data security incidents on a quarterly basis. This obligation applies for the next two years. Uber must also implement a comprehensive information security program and hire a consultant who will advise Uber’s board of directors on security issues.

On November 21, Uber announced a major data theft in 2016. Hackers then looted the names, email addresses and mobile phone numbers of 57 million users. Also, the names and driver license numbers of 600,000 drivers in the US were downloaded. Uber did not report the incident until 371 days after discovering the theft.

You might also like
Exit mobile version