
Source: Port Swigger
Reports suggest Uber has finally owned up to concealing a data breach from the year 2016 that led to the exposure of data of 57 million people. On July 22, the ride hailing giant embarked on a non-prosecution deal with the FTC- Federal Trade commission this week. That year, a couple hackers stole personally identifiable data of millions of passengers, along with the driver’s license details of about 600,000 drivers at Uber.
Reportedly, the company confessed to failing to let the FTC know about the cyberattack, as required by the deal. Moreover, it acknowledged the need for cooperation in prosecution of Joe Sullivan, the chief security of the company at the time of the breach. Just a while following revelation of the incident, Sullivan was asked to leave the ride hailing giant.
Notably, this admission from the company comes just a while following a group of 550 women suing the company. These women planned to file the lawsuit against Uber accusing it of hiring drivers who harass women across the US in various ways. The women allege that they were victims to various forms of abuse and sexual harassment by these drivers such as kidnapping, sexual assault, rape, stalking, being sexually battered, etc. They aimed to sue Uber for wrongly posing as a safe mode of transport.
How Uber avoided federal prosecution?
In order to avoid the charges, Uber has admitted to having knowledge of the leak to the concerned prosecutors. US Attorney for the Northern District of California answered enquiries as to exactly how the ride haling giant escaped the prosecution. She specified how the company’s newest management complied with necessary revelations, taking responsibility in the consequences of the breach, showcasing adequate cooperation.
This management made a commitment to the agency for the maintenance of substantial privacy policy for the coming two decades. Following the breach, Sullivan had reportedly hidden all of the crucial details, even got the hackers to sign a non-disclosure document, almost giving $100,000 in cryptocurrency to make sure the news does not get public. However, the newly appointed management took charge to disclose all necessary details regarding the leak.
Moreover, the company had to even fittingly pay fines worth $148 million to US states in the year 2018 for the settlement of these claims. But, many considered this just a form of ridiculing as the company’s net worth rose to a whopping $76 million at that point.