Uber will have to pay $148 million to state authorities in the US for attempting to cover up a data breach in 2016.
After a hack in 2016 which resulted in the theft of 57 million people’s data, including names, email addresses and phone numbers, the company paid the perpetrators $100,000 to delete the stolen information.
Uber stayed quiet about the breach until Dara Khosrowshahi took over as leader, at which point the company revealed that the data had been leaked, and Chief Security Officer at the time, as well as one of his deputies, left the company.
“None of this should have happened, and I will not make excuses for it,” said Khosrowshahi at the time. “We are changing the way we do business.”
However, he did also emphasise that the company had not seen any evidence of fraud or misuse tied to the lost data, and assured customers that the affected accounts were being monitored.
Last year, Uber was fined $20,000 for failing to disclose a less serious data breach in 2014. This year’s fine is a little heavier.
In addition to the financial penalty, the settlement also includes terms designed to prevent a similar incident from occurring, including a requirement that Uber comply with state laws regarding data privacy and protection, and that it implement and maintain ‘robust data security practices’.
Uber will also have to deal with legal action brought against it by drivers, customers and the cities of Los Angeles and Chicago, which may lead to further costs for the company.