Abrar Hussain: Uber Technologies Inc will pay $148 million for failing to disclose a massive data breach in 2016, marking a costly resolution to one of the biggest legal tangles the ride-hailing company has suffered.
The settlement with 50 US states and Washington, DC brings closure to one of several high-stakes legal battles Uber is seeking to resolve before an initial public offering next year.
The amount is the largest among attorneys general settlements in privacy cases. By comparison, the multi-state settlement with Target Corp in 2017, over a breach in which 41 million people had their data stolen, was $18.5 million.
The settlement follows a 10-month investigation into a data breach that exposed personal data from 57 million Uber accounts, including 600,000 driver’s license numbers.
Uber’s new Chief Executive Dara Khosrowshahi disclosed the breach in November, more than a year after the company was hacked under the previous CEO. Khosrowshahi said the incident should have been disclosed to regulators at the time it was discovered in 2016.
The cover-up was seen by the US as violating data breach reporting and data security laws. It drew the ire of authorities across the country as well as overseas in the United Kingdom, Australia and the Philippines, even though around half of the data breach victims lived in the United States.
The settlement terms include changes to Uber’s business practices aimed at preventing future breaches and reforming its corporate culture. Also, Uber will be required to report any data security incidents to states on a quarterly basis for the next two years, and implement a comprehensive information security program overseen by an executive officer who advises executive staff and Uber’s board of directors.
-Source: WIO News