Uber has reached court settlements from all 50 states about a major data leak that the company did not disclose in 2016, resolving one of the biggest legal entanglements and embarrassments the company has suffered in the last two years.
State attorneys general said Wednesday that Uber will disburse $ 148 million to close the case, with payments distributed in different amounts to states and the federal government. This is the largest value in history for data leakage. At least 196,000 Brazilians also had leaked data.
The deal follows a 10-month investigation into a data breach that exposed personal information from 57 million Uber accounts, including 600,000 driver’s license numbers. The company’s new chief executive, Dara Khosrowshahi, revealed the breach in November, more than a year after the hacking invasion, under the previous CEO. Khosrowshahi said the incident should have been disclosed to regulators as soon as it was discovered.
In November 2016, Uber paid hackers $ 100,000 to destroy stolen data. The company chose not to report the matter to the victims or authorities. The cover-up, perceived by states as a breach of data leakage reports and data security laws, has angered authorities in the United States as well as the United Kingdom, Australia and the Philippines. About half of the victims of the leak lived in the US.
“The decision to cover up this leak was a flagrant violation of public confidence,” said California Attorney General Xavier Becerra. “Consistent with its corporate culture at the time, Uber swept the violation under the carpet in deliberate disregard of the law.” The terms of the agreement also include changes to Uber’s business practices aimed at preventing future violations, and reforms to the company’s culture.
The application will be required to report data security incidents to US states on a quarterly basis over the next two years and to implement a comprehensive information security program overseen by an executive authority to advise the Uber executive team and board.
When he announced the breach, Khosrowshahi also fired two of the company’s top security executives and other staff members were also dismissed. The company recently hired a privacy director and security director.
“The market needs to get organized and invest in information infrastructure, processing quality and data protection. This is sure to come out cheaper than paying $ 148 million in compensation,” says Felipe Barreto, a lawyer specializing in digital law and new technologies. Veiga, founding partner of BVA Advogados.
Source: Reuters Agency