Uber to pay $148 million in settlment over 2016 data breach and cover-up

The nationwide settlement agreement also requires Uber to implement better data protection policies.
Written by Stephanie Condon, Senior Writer

Uber has agreed to pay $148 million in a nationwide settlement agreement over its 2016 data breach and subsequent cover-up, state attorneys general announced Wednesday. The money will be dispersed across all 50 states and the District of Columbia. Uber has also agreed to take specific steps to better secure its employees' data.

Last December, it came to light that hackers in 2016 stole data pertaining to 57 million Uber riders worldwide, as well data on more than 7 million drivers. That included data on about 600,000 drivers in the US. Instead of notifying impacted riders and drivers of the incident, Uber concealed the breach for more than a year and paid a hacker to keep it under wraps.

Also: California governor signs country's first IoT security law CNET

The data breach came to light just a few months after Dara Khosrowshahi stepped up as the new CEO of the embattled business.

Uber's failure to disclose the breach in a timely manner violated state laws. In a statement, Pennsylvania Attorney General Josh Shapiro called Uber's decision to conceal the breach "outrageous corporate misconduct."

"Today's settlement holds them accountable and requires real changes in their corporate behavior," Shapiro added.

Also: Cheat sheet: How to become a cybersecurity pro TechRepublic

In addition to the payout, Uber has agreed to take steps to change its corporate policies, including taking steps to protect any user data stored on third-party platforms, implementing strong password policies for employees, developing a strong overall data security policy for data collected about users, and implementing a corporate integrity program. Uber has also agreed to hire an outside party to regularly assess Uber's data security efforts.

These are 2018's biggest hacks, leaks, and data breaches

Previous and related coverage:

What is malware? Everything you need to know

Cyber attacks and malware are one of the biggest threats on the internet. Learn about the different types of malware - and how to avoid falling victim to attacks.

Security 101: Here's how to keep your data private, step by step

This simple advice will help to protect you against hackers and government surveillance.

VPN services 2018: The ultimate guide to protecting your data on the internet

Whether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet.

FBI solves mystery surrounding 15-year-old Fruitfly Mac malware

Fruitfly malware author used port scanning with weak or no passwords to identify potential victims.

Meet Torii, a new IoT botnet far more sophisticated than Mirai variants

The evolving IoT botnet is able to compromise an impressive array of architectures.

Teenage Apple hacker avoids jail for 'hacky hack hack' attack

The self-proclaimed Apple fan stole roughly 90GB of confidential data from the iPad and iPhone maker.

Related stories:

Editorial standards