Uber will have to cough up a sum of $148 million in fines for the data breach it suffered in 2016, which affected 600,000 drivers in the US, and 57 million customers across the world. The company agreed to pay the fine and settle the case with the attorneys general of all 50 states and the District of Columbia.
Tony West, Uber’s chief legal officer, said:
The commitments we’re making in this agreement are in line with our focus on both physical and digital safety for our customers, as exemplified by our recent announcement of a host of safety and security improvements and our recent hiring of experts like Ruby Zefo as Chief Privacy Officer and Matt Olsen as Chief Trust & Security Officer.
The amount will be distributed between American states and Washington, D.C.
California attorney general Xavier Becerra said in a statement:
Uber’s decision to cover up this breach was a blatant violation of the public’s trust. The company failed to safeguard user data and notify authorities when it was exposed. Consistent with its corporate culture at the time, Uber swept the breach under the rug in deliberate disregard of the law.
Uber paid $100,000 to the hackers who agreed to keep the breach a secret. The company kept a lid on this for almost a year before CEO Dara Khosrowshahi revealed it publicly. The hackers stole customer data like names, email addresses, mobile phone numbers, and drivers’ license plate information.
The cab-hailing company is on a recovery path after Khosrowshahi took over the CEO post following co-founder Travis Kalanick’s resignation.