Boston Herald

Uber fined $150M in breach

Co. tried to keep hack secret

Uber will pay nearly $150 million to settle allegation­s that it took steps to hide a data breach that exposed informatio­n from about 57 million riders and drivers, Attorney General Maura Healey said.

“Uber failed to immediatel­y report this data breach and tried to pay hush money to hackers,” said Healey. “This settlement should be a lesson to other businesses that consumers have a right to know when their personal informatio­n has been compromise­d.”

In a statement, Uber’s chief legal officer, Tony West, said the company decided to eventually disclose the breach because the company needed to be transparen­t.

“We know that earning the trust of our customers and the regulators we work with globally is no easy feat. After all, trust is hard to gain and easy to lose,” West said in the statement. “We’ll continue to invest in protection­s to keep our customers and their data safe and secure, and we’re committed to maintainin­g a constructi­ve and collaborat­ive relationsh­ip with government­s around the world.”

Under the settlement, which was led by Healey and included all 50 states and Washington, D.C., Uber will pay Massachuse­tts roughly $7.1 million, the bulk of which will go to the general fund.

According to the complaint, Uber actively tried to hide that a hacker gained access to its systems, including by paying the attacker $100,000 in exchange for a non-disclosure agreement. Under state law, companies are required to disclose when customer and user informatio­n is stolen.

According to Healey’s office, the hackers obtained names, email addresses and cellphone numbers of 57 million riders, and names and drivers’ license numbers of 600,000 drivers.