Uber fined $150M in breach
Co. tried to keep hack secret
Uber will pay nearly $150 million to settle allegations that it took steps to hide a data breach that exposed information from about 57 million riders and drivers, Attorney General Maura Healey said.
“Uber failed to immediately report this data breach and tried to pay hush money to hackers,” said Healey. “This settlement should be a lesson to other businesses that consumers have a right to know when their personal information has been compromised.”
In a statement, Uber’s chief legal officer, Tony West, said the company decided to eventually disclose the breach because the company needed to be transparent.
“We know that earning the trust of our customers and the regulators we work with globally is no easy feat. After all, trust is hard to gain and easy to lose,” West said in the statement. “We’ll continue to invest in protections to keep our customers and their data safe and secure, and we’re committed to maintaining a constructive and collaborative relationship with governments around the world.”
Under the settlement, which was led by Healey and included all 50 states and Washington, D.C., Uber will pay Massachusetts roughly $7.1 million, the bulk of which will go to the general fund.
According to the complaint, Uber actively tried to hide that a hacker gained access to its systems, including by paying the attacker $100,000 in exchange for a non-disclosure agreement. Under state law, companies are required to disclose when customer and user information is stolen.
According to Healey’s office, the hackers obtained names, email addresses and cellphone numbers of 57 million riders, and names and drivers’ license numbers of 600,000 drivers.