Uber has agreed to pay a $148 million fine for a data breach. The ride-hailing company has also promised to take steps to tight data security to ensure that this breach doesn’t happen again in the future. Uber failed for a year to tell its drivers that hackers had accessed their personal data despite having knowledge of this breach. The settlement agreement was announced by Lisa Madigan, the Attorney General for Illinois, and applies to all 50 states and the District of Columbia.
Madigan said that under Illinois state laws, Uber was required to notify its drivers as soon as it noticed the data breach but the ride-hailing services failed to do so. Uber finally started to notify affected drivers but this was nearly one year after the breach was first reported. Madigan said that this was unacceptable adding that companies must be held accountable if they break the law. The Illinois Attorney General also confirmed that she was convinced that Uber had learned its lesson and that the ride-hailing company is actively taking measures to protect its drivers from privacy threats.
In November 2016, Uber learned that a group of hackers had infiltrated its system and accessed the personal information of its drivers including driver’s license information. At the time, over 607,000 Uber drivers were affected in the US alone. Uber didn’t acknowledge the breach until later in 2017. The ride-hailing service also said at the time that it had retrieved back most of the stolen info. The company also confirmed that it had paid $100,000 in ransom to have the data destroyed.
Uber was later sued for failing to notify drivers regarding the breach as soon as possible. Many experts agree that even though the ride-hailing service needed to account for its actions, it was in its best interest to avoid a long protracted legal battle. Uber is already facing legal challenges in the EU. Tony West, chief legal officer at the company, indeed captured the essence of this by noting shortly after the $148 million settlement that in fact this was the right thing for the company to do. West also added that it’s in the interest of transparency and accountability to make sure that the process was as open and as fair as possible.
The 2016 breach also had a profound effect on customer data. Initial estimates show that the hackers accessed and stole personal information of over 57 million Uber riders in the US. The suit was launched by all the 50 states in the US and the District of Columbia. It was one of the most high-profile, legal actions taken against the ride-hailing service over the last few years.
It’s not clear what Uber is doing to prevent this kind of breach moving forward but the company should be very careful to avoid such a legal issue in the future. Nonetheless, Uber is not entirely new to legal trouble. The company has had to navigate numerous lawsuits in the US and abroad in the recent years. But for now, it seems one problem is out of the way.