Uber efforts to hide breach, delayed notification leads to $148M fine, settlement

A yearlong delay in notifying its drivers that their personal information was stolen by hackers will cost Uber $148 million, according to a settlement reached by the ride-sharing service and all 50 states and the District of Columbia. 

Uber was widely admonished last year when it revealed that not only did it hide the breach but it paid a $100,000 ransom through its bug bounty program to a 20-year-old Florida man to destroy data and keep the hack a secret.

“Uber’s payment of $148 million to settle compliance mismanagement is without precedent,” said Pravin Kothari, CEO of CipherCloud. “The first problem was bad enough – a breach which granted hackers access to the personal information of over 57 million riders and drivers. The second problem was much worse – Uber evidently paid the hackers $100,000 to delete the data and keep the breach quiet, rather than report the incident. A blatant disregard for governance and compliance, putting customers at risk.”

Please register to continue.

Already registered? Log in.

Once you register, you’ll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.

Next post in Data Breach

Next Post

Leave a Reply

Your email address will not be published. Required fields are marked *

Login to your account below

Fill the forms bellow to register

Retrieve your password

Please enter your username or email address to reset your password.