$148 Million will be Paid by Uber for not Reporting about 2016 Hack

Uber, the ride-hailing company, has agreed to tighten their data security practices and pay $148 Million to states after the company failed for over a year to inform its drivers that their personal information had been stolen by the hackers, as per the statement announced on September 26, 2018 (i.e. on Wednesday).

The company has entered into an agreement with District of Columbia as well as all the 50 states soon after a massive data breach happened in the year 2016. Rather than reporting about the data breach, Uber hid the proofs of theft and on top of it paid ransom for ensuring that the stolen data does not get misused.

The agreement of the states stemmed from the data compromised in the year 2016 by the hackers, who obtained license numbers of 607,000 U.S. driver's along with millions of consumer phone numbers and email addresses, a leak which Uber failed to reveal for over a year even after discovering about the attack, as posted on September 26, 2018, by autonews.com.

"Unfortunately, hacks like this one have become a regular occurrence. When they happen, companies should promptly notify those affected. Uber waited too long and the company is being held accountable as a result," Wasden said. As per Fox, issues of identity theft related to Uber hack has not been reported by anybody from Montana, although Uber themselves had discovered the breach. Their negligence in reporting the data breach to the state authorities, however, proved costly to them.

After this Uber hacking incident came to light, the company ousted its CSO (Chief Security Officer). They also disclosed about the breach to FTC (Federal Trade Commission). The company was already reprimanded by the FTC for similar data breach in 2014.

As per the settlement, Uber requires to comply with the state consumer protection laws, which safeguards the personal information and should immediately notify the authorities when a breach has occurred. Creating strong password-protection policies, and establishing methods for protecting user data that is stored on the third-party platforms are equally needed. An outside firm will also be hired by the company for conducting Uber's data security assessment and then implement their recommendations.

The states will divide among themselves the settlement payout, on the basis of number of drivers they have.

» SPAMfighter News - 10/3/2018