Uber Settles Data Breach by Paying $148m

by | Oct 1, 2018

Uber, the peer-to-peer ridesharing, taxi cab, food delivery, bicycle-sharing and transportation network company, has agreed to pay $148m to settle a fine in relation to a 2016 cyber-attack that exposed data from 57 million customers and drivers.

The payment settles the legal action taken by the US government, and 50 states, in relation to Uber’s attempts to hide the specific details of the data breach. Following the breach, Uber made significant efforts to keep the details of it hidden from data regulators. Those responsible for the hacking attack were paid $100,000 by Uber to erase the data they obtained from the cloud servers that were breached.

In November 2017 Uber released some details in relation to the breach and accepted that it should have shared more specific details in relation to the cyberattack. Uber Chief Executive Officer Dara Khosrowshahi released a statement that said: “None of this should have happened, and I will not make excuses for it”.

As part of the response, two Uber security officials were fired for the way in which they handled the incident. The data breached included the personal data from 57 million Uber accounts, which incorporated 600,000 driving licence numbers. Other legal actions over the breach, submitted by affected drivers, Uber customers and the governing authorities in the cities of Los Angeles and Chicago, are ongoing.

Uber’s Chief Legal Officer Tony West said in a statement: “We know that earning the trust of our customers and the regulators we work with globally is no easy feat. We’ll continue to invest in protections to keep our customers and their data safe and secure, and we’re committed to maintaining a constructive and collaborative relationship with governments around the world.”

As well as paying the fine, Uber has also pledged to change how it operates, to prevent it falling victim in the same way again. It will also be required to submit regular reports on security incidents to regulators.

As long as companies fail to address flaws in their cybersecurity policies, and in the processes that they follow in the unfortunate event of a private data breach, fines of this nature are going to continue increasing.



Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University.
