If you had your personal information hacked in 2016– it could have been through Uber– but you wouldn’t have known because the company didn’t notify any of its customers of the breach.
According to a recent settlement agreement, Uber will pay $148 million and will tighten its data security as a result of a class action filed against it for the ride-sharing company failing to notify drivers that hackers had stolen their personal information.
Uber Technologies Inc. reached the agreement with all 50 states and the District of Columbia after a massive data breach in 2016. Instead of reporting it, Uber hid evidence of the theft and paid ransom to ensure the data wouldn’t be misused, The Associated Press reported.
“This is one of the most egregious cases we’ve ever seen in terms of notification; a yearlong delay is just inexcusable,” Illinois Attorney General Lisa Madigan told The Associated Press. “And we’re not going to put up with companies, Uber or any other company, completely ignoring our laws that require notification of data breaches.”
The settlement payout will be divided among the states based on the number of drivers each has. Texas will receive more than $6.4 million, most of which will go to Uber drivers. Each affected driver is expected to receive $100.
Uber, whose GPS-tracked drivers pick up riders who request a ride from their cellphone app, found out in November 2016 that hackers had accessed the roughly 600,000 drivers’ personal data, including their driver’s license information.
The company did not publicly acknowledge the breach until November 2017. It stated that it paid $100,000 in ransom for the stolen information to be destroyed.
The hacker/s also took the names, email addresses and cellphone numbers of 57 million riders around the world.
Tony West, Uber’s chief legal officer, said the company restructured its management and is running its business differently now. He said in a statement, “It embodies the principles by which we are running our business today: transparency, integrity, and accountability. An important component of living up to those principles means taking responsibility for past mistakes, learning from them, and moving forward.”
The settlement requires Uber to comply with state consumer protection laws designed to safeguard personal information and to immediately notify authorities in case of a breach; to establish methods to protect user data stored on third-party platforms and create strong password-protection policies. The company will hire an outside firm to conduct an assessment of Uber’s data security and implement security recommendations.
Uber also hired a former general counsel to the National Security Agency and director of the National Counterterrorism Center as its chief trust and security officer.
Do Uber drivers and passengers now want their data collected by the NSA? Was the breach designed to eventually bring in a former government agent to create “trust and security” for clients? Sounds like Deep State.