For those keeping up with Uber news, the company’s last two years looked like a car crash in slow motion. The first sign of the tumble came in November 2017, when news broke that Uber had hidden a major data breach from the public for more than a year.
After paying hackers to delete the stolen data, Uber did not notify its users about their compromised credentials, a major no-no in the world of cyber security. Then, month after month, we saw various accidents and even bans.
Now, the Uber data breach is back in the headlines, with the company getting a major fine. It’s not just $13.5 million as initially expected, but a whopping $148 million in a settlement. The sum seems perhaps a bit overblown until you consider that, in the breach, hackers made off with the data of 57 million Uber users, 25 million of them Americans. As noted by The Washington Post, this is “the largest multistate penalty ever levied by state authorities for a data breach.” Not even the newly implemented GDPR, which tries to levy fines of up to 2% of global turnover, has yet punished a company with such a sum.
“This record settlement should send a clear message: we have zero tolerance for those who skirt the law and leave consumer and employee information vulnerable to exploitation,” said New York Attorney General Barbara Underwood.
As part of the settlement, $2.2 million will be divided among 13,000 Uber drivers whose info was compromised in 2013 and 2014, with each of them receiving $170.
“Consistent with its corporate culture at the time, Uber swept the breach under the rug in deliberate disregard of the law,” said California Attorney General Xavier Becerra, referring to the fact that Uber quietly paid off the hackers with $100,000 and did not inform the users affected by the breach. Now, it seems that Uber has to open the purse strings for their customers as well.