The California Attorney General’s Office has reported that Uber will pay a sum of $148 million as part of a settlement with 50 US states. The ride-hailing firm was fined the massive amount for violating data breach laws by attempting to hush up its 2016 data breach that impacted around 57 million riders and drivers.
The penalty is the largest multistate penalty ever to be imposed by state authorities for a data breach. As per the last year’s statement by Dara Khosrowshahi, the CEO of Uber, the firm came to know about the breach a year after the attack took place. The breach was caused by two outsiders, who had gained unauthorized access to users’ data stored on a third-party cloud-based service.
The breach compromised data including the names and driver’s licenses of around 600,000 drivers in the United States. In addition, names, email addresses and mobile numbers of riders and drivers as well were also stolen by the hackers.
However, during the investigation, it was discovered that Uber had paid a sum of $100,000 to the hackers to delete the breached data and maintain silence about the breach.
"Uber's decision to cover up this breach was a blatant violation of the public's trust,” said California Attorney General Xavier Becerra, CNBC reported. “The company failed to safeguard user data and notify authorities when it was exposed. Consistent with its corporate culture at the time, Uber swept the breach under the rug in deliberate disregard of the law.
Meanwhile, Tony West, Uber’s chief legal officer, defended the company, arguing that he had “spent the day calling various state and federal regulators to discuss the 2016 data incident the company had just disclosed.”
Uber acknowledged its blunder and agreed to reach a settlement with the attorney general of all 50 states and the District of Columbia.
“The commitments we’re making in this agreement are in line with our focus on both physical and digital safety for our customers, as exemplified by our recent announcement of a host of safety and security improvements and our recent hiring of experts like Ruby Zefo as Chief Privacy Officer and Matt Olsen as Chief Trust & Security Officer,” said West in a blog post.
As a part of the settlement, Uber will also be required to make changes to its security practices. This includes undergoing third-party audits and organizing programs to train employees about ethics violations.