You are here
Uber pays US$148m over data breach in latest image-boosting move
[SAN FRANCISCO] Uber agreed Wednesday to pay a US$148 million penalty over a massive 2016 data breach which the company concealed for a year, in the latest effort by the global ridesharing giant to improve its image and move past its missteps from its early years.
The settlement stems from a breach affecting some 57 million Uber riders and drivers, prompting litigation that was eventually joined by officials from the 50 US states and the District of Columbia.
The payment, described as the largest in a data breach settlement, is part of Uber's efforts to burnish its reputation after a series of scandals over alleged misconduct and unethical practices.
Uber disclosed the breach last year shortly after it hired chief executive Dara Khosrowshahi, who promised a new way of doing business as the company with an estimated value of more than US$70 billion expands globally and prepares for what could be a massive stock offering.
"The commitments we're making in this agreement are in line with our focus on both physical and digital safety for our customers," Uber's chief legal officer Tony West said in announcing the settlement.
"We know that earning the trust of our customers and the regulators we work with globally is no easy feat ... We'll continue to invest in protections to keep our customers and their data safe and secure, and we're committed to maintaining a constructive and collaborative relationship with governments around the world."
The company reached an agreement with the US Federal Trade Commission on the breach that called for improved security and audits but no financial penalty.
According to officials, Uber paid data thieves US$100,000 to destroy the swiped information - and remained quiet about the breach for a year.
The settlement avoid a potentially lengthy court fight which could be embarrassing to Uber.
As part of the settlement, Uber will be required to improve its security practices, with an independent outside review of data practices.
Illinois Attorney General Lisa Madigan said her office would oversee a fund of US$5.1 million that would pay each driver from the state US$100, and seek to locate those who may no longer be driving for Uber.
"While Uber is now taking the appropriate steps to protect the data of its drivers in Illinois and across the country, the company's initial response was unacceptable," Ms Madigan said. "Companies cannot hide when they break the law."
New York Attorney General Barbara Underwood said: "This record settlement should send a clear message: we have zero tolerance for those who skirt the law and leave consumer and employee information vulnerable to exploitation."
Uber learned of the breach in November 2016 involving personal information on riders and drivers, nearly half in the United States, but disclosed it publicly only after Mr Khosrowshahi took over and pledged more transparency.
The case is the second large court settlement this year for Uber.
In February, Uber agreed to pay US$245 million to Alphabet's self-driving car unit Waymo to settle a lawsuit over allegedly stolen trade secrets.
But Uber still faces potential inquiries in the United States and elsewhere over data security, the use of illegal software to thwart rivals, and cases of sexual discrimination.
As part of its transparency effort, Uber this year also scrapped policies requiring arbitration over claims of sexual misconduct involving employees, riders and drivers, allowing cases to be heard in public and pursued in open court.
As a privately held firm, Uber is not required to report its finances. Released data from the second quarter however shows it lost US$891 million on revenues of US$2.8 billion, with bookings hitting a total of US$12 billion.