The Ride Sharing Company Uber has agreed to pay $148 million dollars to settle the massive data breach in 2016 which exposed personal data of more than 57 million of its users.
The present CEO of Uber Dara Khosrowshahi said that hackers broke into the company’s database and accessed personal data such as emails, phone numbers of more than 57 million users, the company attempted to cover the hack without ever disclosing it. The attackers have also accessed names of the drivers and their license numbers of more than 600,000 in the US alone.
A bit of history of the hack
The hack took place in 2016 and was very easy for the hackers according to the report from Bloomberg when they obtained administration login details from a private Github account which was being used by the company’s development team. The hackers tried to blackmail Uber to pay a ransom of $100,000 in exchange for the stolen data not to be published.
The company didn’t notify its customers about the breach but it did pay the ransom. The company also breached notification law, Chief of Information Security Joe Sullivan was ordered to pay the ransom and cover the story by destroying the evidence. The entire payout was disguised as a bug bounty program and the company also made the hackers sign a non-disclosure agreement.
When did the company get charged?
In 2017 the Federal Trade Commission charged the company for deceiving customer’s privacy and data security practices. The point of FTC is that the company has failed to protect the customers and drivers data.
“This is one of the most egregious cases we’ve ever seen in terms of notification; a yearlong delay is just inexcusable,” Illinois Attorney General Lisa Madigan told The Associated Press. And we’re not going to put up with companies, Uber or any other company, completely ignoring our laws that require notification of data breaches.”
According to the settlement the company has acknowledged to disclose any breach further on and also hire a cybersecurity firm to assess the security posture of the company.
“Uber hired a longtime in-house counsel for intel as chief its privacy officer and selected a former general counsel to the National Security Agency and director of the National Counterterrorism Center as the company’s chief trust and security officer.” continues the AP.
The entire payout from the company has been divided among the status based on the number of drivers in each state and for example, the share of state of Illinois will get $8.5 million and which means every driver will receive a $100 for losing the data to hackers.
Take your time to comment on this article.