Uber pays $148 mn over data breach in latest image-boosting move

September 26, 2018 by Julie Charpentrat
Ridesharing giant Uber agreed to pay $148 million as part of a settlement over a 2016 data breach exposing personal information on 57 million riders and drivers

Uber agreed Wednesday to pay a $148 million penalty over a massive 2016 data breach which the company concealed for a year, in the latest effort by the global ridesharing giant to improve its image and move past its missteps from its early years.

The settlement stems from a breach affecting some 57 million Uber riders and drivers, prompting litigation that was eventually joined by officials from the 50 US states and the District of Columbia.

The payment, described as the largest in a data breach settlement, is part of Uber's efforts to burnish its reputation after a series of scandals over alleged misconduct and unethical practices.

Uber disclosed the breach last year shortly after it hired chief executive Dara Khosrowshahi, who promised a new way of doing business as the company with an estimated value of more than $70 billion expands globally and prepares for what could be a massive stock offering.

"The commitments we're making in this agreement are in line with our focus on both physical and digital safety for our customers," Uber's chief legal officer Tony West said in announcing the settlement.

"We know that earning the trust of our customers and the regulators we work with globally is no easy feat ... We'll continue to invest in protections to keep our customers and their data safe and secure, and we're committed to maintaining a constructive and collaborative relationship with governments around the world."

The company reached an agreement with the US Federal Trade Commission on the breach that called for improved security and audits but no financial penalty.

According to officials, Uber paid data thieves $100,000 to destroy the swiped information—and remained quiet about the breach for a year.

The settlement avoid a potentially lengthy court fight which could be embarrassing to Uber.

Dara Khosrowshahi, who took over as Uber CEO last year, has pledged more transparency and ethical practices at the global ridesharing giant
Improving security

As part of the settlement, Uber will be required to improve its security practices, with an independent outside review of data practices.

Illinois Attorney General Lisa Madigan said her office would oversee a fund of $5.1 million that would pay each driver from the state $100, and seek to locate those who may no longer be driving for Uber.

"While Uber is now taking the appropriate steps to protect the data of its drivers in Illinois and across the country, the company's initial response was unacceptable," Madigan said. "Companies cannot hide when they break the law."

New York Attorney General Barbara Underwood said: "This record settlement should send a clear message: we have zero tolerance for those who skirt the law and leave consumer and employee information vulnerable to exploitation."

Uber learned of the breach in November 2016 involving personal information on riders and drivers, nearly half in the United States, but disclosed it publicly only after Khosrowshahi took over and pledged more transparency.

The case is the second large court settlement this year for Uber.

In February, Uber agreed to pay $245 million to Alphabet's self-driving car unit Waymo to settle a lawsuit over allegedly stolen trade secrets.

But Uber still faces potential inquiries in the United States and elsewhere over data security, the use of illegal software to thwart rivals, and cases of sexual discrimination.

As part of its transparency effort, Uber this year also scrapped policies requiring arbitration over claims of sexual misconduct involving employees, riders and drivers, allowing cases to be heard in public and pursued in open court.

As a privately held firm, Uber is not required to report its finances. Released data from the second quarter however shows it lost $891 million on revenues of $2.8 billion, with bookings hitting a total of $12 billion.

Explore further: Uber sued after data stolen by hackers covered up

Related Stories

Uber sued after data stolen by hackers covered up

March 5, 2018

The ride-hailing company Uber broke Pennsylvania law when it failed to notify potential victims, including thousands of drivers, for a year after it discovered hackers had stolen their personal information, said the state ...

Washington state sues Uber over data breach cover-up

November 28, 2017

Washington state is suing the ride-hailing company Uber, saying it broke state law when it failed to notify more than 10,000 drivers in the state that their personal information was accessed as part of a major data breach.

Uber in legal crosshairs over hack cover-up

November 22, 2017

Two US states on Wednesday confirmed they are investigating Uber's cover-up of a hack at the ride-sharing giant that compromised the personal information of 57 million users and drivers.

Recommended for you

Coffee-based colloids for direct solar absorption

March 22, 2019

Solar energy is one of the most promising resources to help reduce fossil fuel consumption and mitigate greenhouse gas emissions to power a sustainable future. Devices presently in use to convert solar energy into thermal ...


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.