Uber settles states’ investigation of 2016 data breach and coverup for $148M
Uber Technologies Inc. today disclosed that it has settled a multistate probe into a 2016 data breach that compromised 57 million of its users.
The company has agreed to pay $148 million as part of a deal encompassing all 50 states and Washington D.C., a fine that represents the biggest ever of its kind. The settlement comes 11 months after Uber disclosed the incident, which had taken place over a year earlier under previous Chief Executive Officer Travis Kalanick.
Hackers had managed to infiltrate a poorly secured GitHub repository belonging to the company and steal login credentials to an Amazon Web Services account. That account, in turn, contained some of the 57 million affected users’ personal information. The attackers managed to obtain names, email addresses and phone numbers as well as the driver’s license numbers of 607,000 Uber drivers.
What caused the incident to draw so much scrutiny was how Uber handled the situation. Bloomberg reported at the time that then-Chief Executive Kalanick found out about the breach a month after the fact yet didn’t inform the public. To make matters worse, the company admitted that senior employees had paid the hackers $100,000 to delete the stolen data and keep the breach a secret.
Tim Erlin, vice president of product management and strategy at cybersecurity firm Tripwire, said in an email that the coverup contributed to the size of the settlement. “It’s a good reminder to all organizations of how a good breach response plan can help avoid poor decision-making in the midst of an incident,” he said.
Today’s settlement finally puts the embarrassing episode behind the company. In addition to the $148 million fine, the agreement includes terms requiring Uber to change its corporate culture and adopt new practices to prevent future breaches.
“We know that earning the trust of our customers and the regulators we work with globally is no easy feat,” Uber Chief Legal Officer Tony West wrote in a statement. “After all, trust is hard to gain and easy to lose. We’ll continue to invest in protections to keep our customers and their data safe and secure, and we’re committed to maintaining a constructive and collaborative relationship with governments around the world.”