Skip to main content

Uber agrees to pay $148 million for 2016 hack and cover-up

Anthony Wallace/AFP/Getty Images

Uber’s 2016 shenanigans that saw it fail to report a massive data breach and led to it paying the hackers $100,000 has ended up costing the company $148 million.

The ridesharing giant has agreed to pay the sum after reaching a settlement with all 50 U.S. states and the District of Columbia that had accused it of breaking the rules.

Recommended Videos

The breach, in which hackers gained access to personal information linked to 57 million Uber customers and drivers around the world, came to light toward the end of 2017, a year after it had taken place. Uber knew about the hack but had tried to conceal it, going so far as paying the hackers $100,000 to destroy the stolen data.

The Washington Post described the $148 million settlement as “the largest multi-state penalty ever levied by state authorities” for an incident of this nature, and marks “the first time the company has settled a matter with the top law enforcement officials from all 50 states and the District.”

“Uber’s decision to cover up this breach was a blatant violation of the public’s trust,” California Attorney General Xavier Becerra said in a statement. “The company failed to safeguard user data and notify authorities when it was exposed.”

Becerra said that consistent with Uber’s substandard corporate culture at the time, the company “swept the breach under the rug in deliberate disregard of the law. Companies in California and throughout the nation are entrusted with customers’ valuable private information. This settlement broadcasts to all of them that we will hold them accountable to protect their data.”

The data breach took place during Travis Kalanick’s time as CEO and at a time when the company was fighting battles on multiple fronts. Dara Khosrowshahi replaced Kalanick in August 2017 and during an overhaul of the company’s business practices, insiders revealed its wrongdoing.

Khosrowshahi said he only found out about the hack shortly before it was made public, admitting that the company should have notified regulators as soon as they learned of the incident.

“None of this should have happened, and I will not make excuses for it,” the CEO said at the time while insisting that Uber would learn from its mistakes.

The $148 million fine will be split among the states and each will decide how the money is used. Uber has also agreed to continue with ongoing efforts to incorporate new systems aimed at preventing future hacks, and to improve its corporate culture.

In his first day in the job as Uber’s chief legal officer, Tony West said on Wednesday, September 26, that he was “pleased” the agreement had been reached, adding that it had been right for its current management team to disclose the incident, and that the decision “embodies the principles by which we are running our business today: transparency, integrity, and accountability.”

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
‘No mask, no ride’: Uber extends face-covering requirement indefinitely
A driver wearing a face mask.

Uber is doubling down on its mask-wearing rule by extending the requirement indefinitely for rides in the U.S. and Canada.

The rule, which came into force in May 2020 due to the coronavirus pandemic, had been set to stay effective until the end of June. But with infection rates on the rise in numerous states across the U.S., the company now says riders and drivers must wear a face-covering during trips until further notice.

Read more
Hackers are trying to sell a haul of more than 73 million user records
Hands on a laptop.

More than 73 million user records stolen from across a number of online services are being offered for sale on the dark web by hacker group ShinyHunters, according to ZDNet.

Affected services include online dating app Zoosk (30 million user records), printing service Chatbooks (15 million), food delivery service Home Chef (8 million), online marketplace Minted (5 million), and U.S. news site Star Tribune (1 million).

Read more
Massive iPhone security flaw left millions of phones vulnerable to hacks
iPhone Home screen and apps

Over half a billion iPhones are vulnerable to hackers, and iPads are susceptible, too — and Apple is still working to deploy its fix.

The issue — which was discovered by cybersecurity company ZecOps exec Zuk Avraham — lies with Apple’s Mail app, which leaves devices vulnerable to hackers, according to Reuters.

Read more