Uber to pay $148 million to resolve investigation related to a 2016 data breach that it was accused of deliberately hiding.
The settlement, reached with the attorneys general of all 50 states and Washington, DC, will be divided among the states. It is the largest multi-state settlement for a data breach, according to the New York attorney general.
The inquiry was initiated to investigate claims that the ride-sharing service violated state notification laws by intentionally failing to disclose that hackers accessed the personal information of 57 million users in 2016.
The breach was not made public until late 2017, when Uber disclosed that it had paid the hackers $100,000 to delete the data. In April, the company reached a settlement with the Federal Trade Commission, which had been looking into claims that Uber misled consumers about the breach.
As part of the agreement, Uber has committed to creating and implementing a corporate integrity program that allows employees to report unethical activities. Additionally, it will adopt best practices for data breach notification and security, and appoint an independent third party to evaluate its data security protocols.
“This historic settlement should communicate a strong message: we have zero tolerance for those who evade the law and compromise consumer and employee data to potential exploitation,” stated New York attorney general Barbara D. Underwood in a press release. New York will receive approximately $5.1 million from the settlement.
“The decision by our current management team to disclose the incident was not just the right action; it reflects the principles that govern our operations today: transparency, integrity, and accountability,” said Tony West, Uber’s chief legal officer, in a blog post on Wednesday. “We will continue to invest in measures to protect our customers and their information, as well as maintaining a constructive and cooperative relationship with governments globally.”
This settlement occurs as Uber works to improve its practices. For instance, in July, Uber appointed a chief privacy officer, Ruby Zefo, to focus on privacy issues. Matt Olsen has also joined the company as chief trust and security officer.
CNNMoney (New York) Originally published September 26, 2018: 2:16 PM ET