Uber agrees to pay $140 million in damages for failing to report 2016 data breach
The leak had affected more than 60,000 drivers in the US as well as 5.7 crore riders around the world.
Uber will play $140 million (approximately Rs 1,017 crore) in damages for failing to notify drivers after hackers stole their personal information in a data breach in the United States in 2016, AP reported. The company on Wednesday reached an agreement with all 50 states and the District of Columbia.
The money will be divided among the states based on the number of drivers each has. More than 60,000 drivers had been affected by the data theft, which wasn’t reported. Instead, the company paid $100 million (approximately Rs 726 crore) in ransom to ensure the data wouldn’t be misused by the hackers. In November 2017, Uber acknowledged the data theft.
“This is one of the most egregious cases we’ve ever seen in terms of notification; a year-long delay is just inexcusable,” Illinois Attorney General Lisa Madigan said. “And we’re not going to put up with companies, Uber or any other company, completely ignoring our laws that require notification of data breaches.”
California Attorney General Xavier Becerra said Uber’s decision to cover up the breach was a blatant violation of public trust, reported CNBC. “The company failed to safeguard user data and notify authorities when it was exposed,” said Becerra. “Consistent with its corporate culture at the time, Uber swept the breach under the rug in deliberate disregard of the law.”
According to the terms of the settlement, Uber will be required to comply with state consumer protection laws safeguarding personal data and will be required to immediately notify authorities in case of a breach. The company will tighten its data security by ensuring protection of user data stored on third-party platforms and by creating strong password-protection policies. The breach had led to the theft of names, email addresses and cellphone numbers of 5.7 crore riders around the world.
Uber will also hire an independent company to examine its data security and implement the recommendations.
In a statement, Uber’s Chief Legal Officer Tony West said that the company would take responsibility for past mistakes, learn from them, and move forward. “Our current management team’s decision to disclose the incident was not only the right thing to do, it embodies the principles by which we are running our business today: transparency, integrity, and accountability,” he said.
Last month, Uber agreed to pay $1.9 million (approximately Rs 13.28 crore) to settle sexual harassment claims of 56 current and former employees in the US. Besides this, it will also pay nearly $11,000 (approximately Rs 7.6 lakh) as part of a class action case filed by 485 people who alleged discrimination at the workplace.