The logo for the Daily Beast's Obsessed website. It reads: 'Obsessed: What to Watch, Binge, See, & Skip'
DAILY BEAST
Membership call to action crossword iconCrosswordNewsletters
  • Gift Guides
  • Cheat Sheet
  • Obsessed
  • Politics
  • Israel-Gaza
  • Entertainment
  • Media
  • Opinion
  • U.S. News
  • Scouted
CHEAT SHEET
    POLITICS
    • Biden World
    • Elections
    • Opinion
    • National Security
    • Congress
    • Pay Dirt
    • The New Abnormal
    • Trumpland
    MEDIA
    • Confider
    • Daytime Talk
    • Late-Night
    • Fox News
    U.S. NEWS
    • Identities
    • Crime
    • Race
    • LGBT
    • Extremism
    • Coronavirus
    WORLD
    • Russia
    • Europe
    • China
    • Middle East
    INNOVATION
    • Science
    TRAVEL
      ENTERTAINMENT
      • TV
      • Movies
      • Music
      • Comedy
      • Sports
      • Sex
      • TDB's Obsessed
      • Awards Shows
      • The Last Laugh
      CULTURE
      • Power Trip
      • Fashion
      • Books
      • Royalist
      TECH
      • Disinformation
      SCOUTED
      • Sales
      • Reviews
      • New Kids on the Block
      • Beauty
      • Fitness
      • Home
      • Technology
      • Travel
      COUPONS
      • Vistaprint Coupons
      • Ulta Coupons
      • Office Depot Coupons
      • Adidas Promo Codes
      • Walmart Promo Codes
      • H&M Coupons
      • Spanx Promo Codes
      • StubHub Promo Codes
      Products
      NewslettersPodcastsCrosswordsSubscription
      FOLLOW US
      GOT A TIP?

      SEARCH

      HOMEPAGE
      U.S. Newsvertical orientation badge

      Uber Settles Its Largest Lawsuit After Hiding Major Data Hack From Users

      ÜBER BAD

      The ride-sharing company is now required to pay a record penalty to all 50 states after it allegedly concealed a 2016 data breach that affected 57 million people.

      Pilar Melendez

      Pilar Melendez

      Senior National Reporter

      Published Sep. 26, 2018 2:56PM EDT 

      Photo Illustration by The Daily Beast

      Uber on Wednesday settled its largest lawsuit ever after it allegedly concealed a hack that affected millions of its riders and drivers, violating data-breach laws, according to an agreement.

      “This record settlement should send a clear message: we have zero tolerance for those who skirt the law and leave consumer and employee information vulnerable to exploitation,” Barbara Underwood, New York’s attorney general, said on Wednesday.

      The settlement requires the ride-sharing company to pay a record penalty of $148 million to all 50 states and the District of Columbia—the largest multi-state penalty ever imposed by state authorities for a data breach, the New York attorney general’s office confirmed to The Daily Beast.

      In addition to the monetary penalty, Uber is required to strengthen its data-security practices and comply with stricter cyber-security standards by hiring an independent third party to assess their internal practices, the settlement states.

      “I’m pleased that we’ve reached an agreement with the attorneys general of all 50 states and the District of Columbia to resolve their legal inquiries on this matter,” Tony West, Uber’s chief legal officer, said in a statement on Wednesday. “The commitments we’re making in this agreement are in line with our focus on both physical and digital safety for our customers.”

      The November 2016 data breach occurred when a hacker managed to access Uber’s information belonging to 57 million riders and drivers, including the names and license numbers for 600,000 drivers. The breach prompted a nationwide investigation led by state attorneys general to decide whether the company violated data-breach notification laws by failing to inform riders that their personal data had been compromised.

      Instead of disclosing the breach, the investigation alleged, Uber paid the hacker $100,000 through its “bug bounty program,” which rewards hackers for discovering software flaws. Uber allegedly asked the hacker to delete the data and subsequently sign a non-disclosure agreement.  

      “Uber’s decision to cover up this breach was a blatant violation of the public’s trust,” Xavier Becerra, California’s attorney general, said in a statement. “The company failed to safeguard user data and notify authorities when it was exposed.”

      It took a year for the mishap to become public, after the company hired a law firm to investigate their security team after another lawsuit alleged stolen trade secrets in relation to self-driving cars.

      Once the law firm learned of the breach, the settlement states, Uber hired an outside forensic firm to investigation and informed the public.

      “None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Dara Khosrowshahi, Uber’s chief executive, said at the time before firing the two employees who had signed off on the payment.

      West claimed that Uber did, in fact, inform officials when it occurred. “Rather than settling into my new work space and walking the floor to meet my new colleagues,” he said, “I spent the day calling various state and federal regulators.”

      Following the announcement, the Federal Trade Commission began its own investigation into the company. And in April, the commission reached its settlement and ruled Uber must submit to regular privacy audits, which was revised this year to include the most recent breach.

      “We know that earning the trust of our customers and the regulators we work with globally is no easy feat. After all, trust is hard to gain and easy to lose,” West said.

      This settlement announcement came just as policymakers on Wednesday debated whether to write a new national consumer privacy law—with help from major tech companies.

      The Senate Commerce Committee Chairman heard testimony on Wednesday from tech executives on what they believe would make an effective new privacy law. “We believe privacy is a fundamental right, not a privilege,” Damien Kieran, Twitter’s data protection officer, said to lawmakers.

      These tech companies—Apple, Google, Amazon, AT&T, Charter, and Twitter—are the main proponents of a new privacy law, publicly stating that they are ready to work with lawmakers to ensure the bill’s success.

      “Perhaps for the first time, there is widespread agreement among industry policymakers and many consumer groups of the need for a new and comprehensive federal privacy law,” Leonard Cali, AT&T senior vice president global public policy, said on Wednesday.

      The proverbial olive branch comes after months of pressure elected officials have placed on tech giants regarding privacy and regulation. The tone has shifted, however, from questioning the integrity of those companies to asking for help to create a consumer privacy law that would universally mend data collection breaches.

      Bud Tribble, Apple’s vice president for software technology, acknowledged the severe risk posed by data breaches like Uber’s, and emphasized that Apple wants to better ensure customers that their data will not be vulnerable to hackers.

      “We want your device to know everything about you; we don’t think that we should,” Tribble said.

      Pilar Melendez

      Pilar Melendez

      Senior National Reporter

      @pbmelendezPilar.Melendez@thedailybeast.com

      Got a tip? Send it to The Daily Beast here.

      READ THIS LIST

      DAILY BEAST
      • Cheat Sheet
      • Politics
      • Entertainment
      • Media
      • World
      • Innovation
      • U.S. News
      • Scouted
      • Travel
      • Subscription
      • Crossword
      • Newsletters
      • Podcasts
      • About
      • Contact
      • Tips
      • Jobs
      • Advertise
      • Help
      • Privacy
      • Code of Ethics & Standards
      • Diversity
      • Terms & Conditions
      • Copyright & Trademark
      • Sitemap
      • Coupons
      • Coupons:
      • Dick's Sporting Goods Coupons
      • HP Coupon Codes
      • Chewy Promo Codes
      • Nordstrom Rack Coupons
      • NordVPN Coupons
      • JCPenny Coupons
      • Nordstrom Coupons
      • Samsung Promo Coupons
      • Home Depot Coupons
      • Hotwire Promo Codes
      • eBay Coupons
      • Ashley Furniture Promo Codes
      © 2023 The Daily Beast Company LLC