Uber will pay $148 million to resolve an investigation into a 2016 data breach that the company was accused of deliberately concealing.
The settlement with the attorneys general of all 50 states and Washington, D.C., will be split among the states. New York’s attorney general says this is the largest multi-state data breach settlement ever.
The investigation is investigating the ride-sharing company’s violation of state notification laws by deliberately concealing the personal information of 57 million users stolen by hackers in 2016.
The breach was not disclosed until late 2017, when Uber revealed it paid hackers $100,000 to destroy the data. In April, Uber reached a settlement with the Federal Trade Commission, which was investigating allegations that Uber deceived customers over the breach.
As part of the settlement, Uber agreed to develop and implement a corporate integrity program for employees to report unethical behavior. It also agreed to adopt model data breach notification and data security practices and to engage an independent third party to assess its data security practices.
New York Attorney General Barbara D. Underwood said in a press release, “This record settlement should send a clear message: We are serious about those who circumvent the law and leave consumer and employee information vulnerable to exploitation. “People take a zero-tolerance approach.” New York will receive about $5.1 million in compensation.
“Our current management team’s decision to disclose this incident is not only the right thing to do, but embodies the principles by which we run our business today: transparency, integrity and Accountability.” released Wednesday. “We will continue to invest in protections to keep our customers and their data safe, and we are committed to maintaining constructive working relationships with governments around the world.”
The settlement comes as Uber attempts to clean up its practice. For example, in July this year, Uber finally hired its chief privacy officer: Ruby Zefo, who became Uber’s executive focused on privacy matters. Matt Olsen also joins as chief trust and security officer.
CNN Business (New York) First published September 26, 2018: 2:16pm ET