Uber, the peer-to-peer ridesharing, taxi cab, food delivery, bicycle-sharing and transportation network company has settled a fine in relation to a 2016 cyber-attack that exposed data from 57 million customers and drivers for $148m.
The payment in question settles the legal action taken by the US government, and 50 states, in relation to Uber’s attempts to hide the specific details of the data breach. Following the breach, Uber made significant efforts to keep the details of it hidden it from data regulators. Those responsible to for the hacking attack were paid $100,000 by Uber to erase the data they obtained from the cloud servers that were breached.
In November 2017 Uber released some details in relation to the breach and accepted that it should have shared more specific details in relation to the cyberattack. Uber Chief Executive Officer Dara Khosrowshahi released a statement that said: “None of this should have happened, and I will not make excuses for it”.
As part of the response to the incident two Uber security officials were fired for the way in which they handled the incident. The range of data breached included the personal data from 57 million Uber accounts which incorporated 600,000 driving licence numbers. Other Legal actions submitted by affected drivers, Uber customers and the governing authorities in cities of Los Angeles and Chicago over the breach are ongoing.
Uber’s Chief Legal Officer Tony West said in a statement: “We know that earning the trust of our customers and the regulators we work with globally is no easy feat. We’ll continue to invest in protections to keep our customers and their data safe and secure, and we’re committed to maintaining a constructive and collaborative relationship with governments around the world.”
As well as paying the fine, Uber has also pledged to change how it operates, to prevent it falling victim in the same way again. It will also be required to submit regular reports on security incidents to regulators.
As long as companies fail to address flaws in their cybersecurity policies and the processes that they follow in the, unfortunate, event of a private data breach then fines of this nature are going to continue increasing.