Uber has agreed to pay $148 million to settle claims related to a data breach that exposed the personal information of more than 25 millions of its user in the U.S.
The settlement is the biggest data-breach payout in history. In 2016, the hackers were able to gain access to data of users as well as drivers, the data obtained by hackers included 607k U.S. driver’s license numbers as well as tens of millions of users email addresses and phone numbers. Uber failed to disclose the data breach for over a year after discovering the attack.
The fine comes at a crucial stage for Uber’s CEO Khosrowshahi, who was laying the groundwork for IPO in 2019. It is said that Kalanick learned about the attack in 2016 just a month after hackers stole the data of 57 million Uber customer’s worldwide, which included 25.6 million riders and drivers in the States. But the company kept it a secret from authorities and paid the hackers $100k to delete the stolen data and keep the incident quiet.
After the incident came to light, Uber kicked out its chief security officer and disclosed the breach to the Federal Trade Commission.
“The commitments we’re making in this agreement are in line with our focus on both physical and digital safety for our customers, as exemplified by our recent announcement of a host of safety and security improvements and our recent hiring of experts like Ruby Zefo as Chief Privacy Officer and Matt Olsen as Chief Trust & Security Officer,” Uber Chief Legal Officer Tony West said in a statement Wednesday.
$148 million in the settlement will be distributed to the states, rather than directly to those affected. Its $612,950 shares of the settlement will go to the state’s consumer education and litigation fund. New York will receive about 5.1 million, and as a part of agreement Uber also promised to improve its security policies and hire an outside party to monitor its data-privacy efforts and report regularly on necessary improvements.