[BreachExchange] Uber To Pay Record $204 Million Fine For Concealing 2016 Data Breach

Audrey McNeil audrey at riskbasedsecurity.com
Fri Sep 28 15:46:40 EDT 2018


https://www.msn.com/en-au/news/other/uber-to-pay-record-24204-million-fine-for-concealing-2016-data-breach/ar-BBNBw97

Uber will pay a $US148 million ($204 million) fine as part of a settlement
reached with US state law enforcement officials over allegations it
attempted to conceal a 2016 data breach affecting millions of its users, the
company said.

The rideshare company has also agreed to adopt new data security and breach
notification policies, not limited to the hiring of a third-party auditor
to regularly assess its practices. Additionally, the settlement requires
Uber to develop and implement a “corporate integrity program” designed to
aid employees who seek to report ethics concerns.

In November, it was revealed that Uber had, in early 2016, paid off
“hackers” who gained access to the personal data of 57 million Uber riders,
including email addresses, phone numbers and driver's license numbers.
Disclosure of the secret payment, $US100,000 ($137,681), led to the firing
of multiple executives.

In a statement, Uber Chief Legal Officer Tony West said that he was
“pleased” to announce the settlement, while praising the company’s “current
management” over its decision to disclose the incident.

“We know that earning the trust of our customers and the regulators we work
with globally is no easy feat,” he said. “After all, trust is hard to gain
and easy to lose.”

Citing recent hires Ruby Zefo and Matt Olsen — Uber’s new chief privacy
officer and chief trust & security officer, respectively — West said the
company will continue to invest in its security and remains committed “to
maintaining a constructive and collaborative relationship with governments
around the world”.

The New York State Attorney General’s office said it played a lead role in
securing the settlement, which involves 50 US states plus the District of
Columbia. The office had been probing the Uber breach independently before
joining the multistate investigation run by the attorneys general.

“This record settlement should send a clear message: we have zero tolerance
for those who skirt the law and leave consumer and employee information
vulnerable to exploitation,” New York Attorney General Barbara Underwood
said in a statement. “We’ll continue to fight to protect New Yorkers from
weak data security and criminal hackers.”

News of the settlement came as executives for Apple, Google, Amazon and
other leading tech companies testified on Capitol Hill about the need for a
national US privacy law that would also create a single breach notification
policy for the entire country, replacing the confusing patchwork of state
laws currently protecting consumers.