Uber fined $148m for attempting to hide 2016 data breach

Illinois attorney general calls the yearlong notification delay "inexcusable"

Uber will pay $148 million for failing to notify its drivers that their personal details had been hacked in 2016.

Rather than reporting the breach, Uber was found to have attempted to hide evidence of it by paying a ransom of $100,000 to ensure the stolen data would not be misused.

After a subsequent investigation, the ride-hailing firm has agreed on a settlement with all 50 states and the District of Columbia.

"This is one of the most egregious cases we've ever seen in terms of notification; a yearlong delay is just inexcusable," Lisa Madigan, the Illinois attorney general, told the Associated Press. "And we're not going to put up with companies, Uber or any other company, completely ignoring our laws that require notification of data breaches."

The breach happened in October 2016, with names, email addresses and phone numbers of around 57 million users of the service being taken, as well as driver's license data belonging to approximately 600,000 US drivers.

Travis Kalanick, then chief executive, reportedly knew about the breach for over a year. He was later forced out of the company after reports of sexism and poor working practices. Uber has made a number of management changes since the hack and Tony West, Uber's chief legal officer, said the decision by current managers to reform the company was "the right thing to do".

"It embodies the principles by which we are running our business today: transparency, integrity and accountability," West said. "An important component of living up to those principles means taking responsibility for past mistakes, learning from them, and moving forward."

For Rob Shapland, principal cybersecurity consultant at Falanx Group, Uber's hefty fine should be a warning to companies contemplating data breach coverups.

"This fine shows that companies can no longer get away with poor cybersecurity and sweeping incidents under the carpet," he said. "I would expect many companies will have tried to hide the fact that they've been breached, especially given the size of the potential fines.

"This case, and the punishment for Uber for not revealing that the breach had occurred will hopefully give companies further warning of the risks posed by cyber attacks so that they take the security of the data they hold more seriously."

The fine will be split among US states based on the number of drivers employed, Madigan told the Associated Press. For example, Illinois is expected to get $8.5 million, with each affected driver receiving $100.
