A yearlong delay in notifying its drivers that their personal information was stolen by hackers will cost Uber $148 million, according to a settlement reached by the ride-sharing service and all 50 states and the District of Columbia.
Uber was widely admonished last year when it revealed that not only did it hide the breach but it paid a $100,000 ransom through its bug bounty program to a 20-year-old Florida man to destroy data and keep the hack a secret.
“Uber’s payment of $148 million to settle compliance mismanagement is without precedent,” said Pravin Kothari, CEO of CipherCloud. “The first problem was bad enough – a breach which granted hackers access to the personal information of over 57 million riders and drivers. The second problem was much worse – Uber evidently paid the hackers $100,000 to delete the data and keep the breach quiet, rather than report the incident. A blatant disregard for governance and compliance, putting customers at risk.”
Please register to continue.
Already registered? Log in.
Once you register, you’ll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.