Uber has agreed to pay $148 million in a nationwide settlement agreement over its 2016 data breach and subsequent cover-up, state attorneys general announced Wednesday. The money will be dispersed across all 50 states and the District of Columbia. Uber has also agreed to take specific steps to better secure its employees' data.
Last December, it came to light that hackers in 2016 stole data pertaining to 57 million Uber riders worldwide, as well as data on more than 7 million drivers. That included data on about 600,000 drivers in the US. Instead of notifying impacted riders and drivers of the incident, Uber concealed the breach for more than a year and paid a hacker to keep it under wraps.
The data breach came to light just a few months after Dara Khosrowshahi stepped up as the new CEO of the embattled business.
Uber's failure to disclose the breach in a timely manner violated state laws. In a statement, Pennsylvania Attorney General Josh Shapiro called Uber's decision to conceal the breach "outrageous corporate misconduct."
"Today's settlement holds them accountable and requires real changes in their corporate behavior," Shapiro added.
In addition to the payout, Uber has agreed to change its corporate policies, including taking steps to protect any user data stored on third-party platforms, implementing strong password policies for employees, developing a strong overall data security policy for data collected about users, and implementing a corporate integrity program. Uber has also agreed to hire an outside party to regularly assess Uber's data security efforts.