Last year, reports surfaced that Uber had been hit with a data breach, but instead of reporting it to the government or to those affected, it chose to cover it up. Now, the company will pay $148 million as part of a settlement, and the money will be disbursed between each US state and Washington, DC. After the hack and Uber's response to it became public, a number of states launched investigations into the incident while others filed lawsuits.
In 2017, data breaches jeopardized the personal information of 9.2 million New Yorkers. It is a major issue.— NY AG Underwood (@NewYorkStateAG) September 26, 2018
We have zero tolerance for those who skirt the law and leave personal info vulnerable to exploitation.
Hackers obtained personal information for around 57 million Uber customers and drivers in October 2016 and in response, the company paid those behind the attack $100,000 to delete the data and keep quiet. The Federal Trade Commission initiated an investigation after the news came to light, later adding more provisions to an earlier settlement it made with the company over inadequate data safeguards.
"Uber's decision to cover up this breach was a blatant violation of the public's trust," California Attorney General Xavier Becerra said in a statement. "The company failed to safeguard user data and notify authorities when it was exposed. Consistent with its corporate culture at the time, Uber swept the breach under the rug in deliberate disregard of the law."
Along with the fine, Uber has agreed to more rigorous data security and breach notification practices as well as outside assessments of its data security efforts.