Ride hailing service Uber agreed to pay a US$148 million penalty over a massive 2016 data breach which the company concealed for a year, the company and state officials announced Wednesday, September 26.
The agreement stems from a breach affecting some 57 million Uber riders and drivers disclosed by the California company, prompting litigation that was eventually joined by officials from the 50 US states and the District of Columbia.
“New Yorkers deserve to know that their personal information will be protected—period,” New York Attorney General Barbara Underwood said in a statement. “This record settlement should send a clear message: we have zero tolerance for those who skirt the law and leave consumer and employee information vulnerable to exploitation.”
According to officials, Uber paid data thieves US$100,000 to destroy the swiped information—and remained quiet about the breach for a year.
The company announced in a statement that the agreement is part of an effort to live up to its standards of transparency and accountability after a series of embarrassing missteps.
“The commitments we’re making in this agreement are in line with our focus on both physical and digital safety for our customers,” Uber’s chief legal officer Tony West said.
Full Content: Bloomberg, NY Attorney General