Uber has agreed to pay $148 million to settle allegations from 50 states and the District of Columbia that the ride-hailing company violated data breach laws when it waited a year to disclose a hack affecting tens of millions of its riders and drivers.

The settlement marks the first time the company has settled a matter with the top law enforcement officials from all 50 states and the District of Columbia.

The announcement came just as lawmakers on Wednesday were debating whether to write a national consumer privacy law, with witnesses testifying from companies such as Apple, Google and Twitter.

Uber not only waited a year to disclose the breach – which exposed names, email addresses and phone numbers of 57 million people around the world – but also paid $100,000 to the hackers to keep the incident quiet.

As part of the settlement, Uber agreed to undergo regular third-party audits of its security practices, and to set up a program allowing employees to file concerns about ethics violations they may have witnessed.

It also agreed to take precautions to safeguard any Uber data that may be held by third parties, according to New York’s attorney general’s office.

This summer, Uber hired a former lawyer for Intel as its chief privacy officer and a former general counsel for the National Security Agency as its chief trust and security officer.

