After paying $100k to hackers to keep quiet, Uber’s 2016 data breach is going to cost it millions

Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.

Uber has agreed to pay $148 million for failing to report a massive data breach in 2016. The sum settles allegations from 50 states and the District of Columbia that the ride-hailing company violated data breach laws, according to Bloomberg.

The settlement, called among the biggest in Uber’s history, marks the first time the company has settled a matter with the top law enforcement officials from all 50 states and the District of Columbia. It’s being called the most substantial multistate penalty ever levied by state authorities for a data breach.

Uber paid the hackers to keep quiet and delete data

The 2016 breach, which Uber waited a year to disclose, exposed names, email addresses, and phone numbers of 57 million users around the world. To resolve the issue and keep it quiet, Uber paid the hackers $100,000 to delete the data.

According to California Attorney General Xavier Becerra:

Uber’s decision to cover up this breach was a blatant violation of the public’s trust. Companies in California and throughout the nation are entrusted with customers’ valuable private information. This settlement broadcasts to all of them that we will hold them accountable to protect that data.

New York Attorney General Barbara Underwood concurs, noting:

This record settlement should send a clear message: we have zero tolerance for those who skirt the law and leave consumer and employee information vulnerable to exploitation.

The breach, disclosed in November 2017, came after an investigation was ordered by Uber chief executive Dara Khosrowshahi, who had joined the company three months earlier.

What happens now?

As part of the settlement, Uber’s required to make changes to its practices and its corporate culture. Additionally, the company has agreed to undergo regular third-party audits of its security practices and to set up a program allowing employees to file concerns about ethics violations they may have witnessed while on the job. It also agreed to take precautions to protect Uber data that may be held by third parties.

Data breaches have plagued many companies over the years. Hopefully, Uber’s decision to settle its case for millions will convince other companies to come forward promptly when breaches occur.

What say you? Let us know in the comments below.

Editors’ Recommendations:

• Uber’s new Ride Check will provide assistance when things go south
• Firefox Monitor will alert you to data breaches involving your email address
• Uber wants to use Skyports to deliver you, and your Uber Eats orders, by air