Uber Technologies Inc. has acknowledged a 2016 data breach affecting over 57 million drivers and passengers, reaching a settlement with U.S. prosecutors to avoid criminal charges. The controversy centers around Uber’s failure to report the hack to the Federal Trade Commission (FTC) while under investigation for data security practices.
According to Stephanie Hinds, the U.S. Attorney for the Northern District of California, Uber delayed reporting the breach for a year, coinciding with a change in leadership. However, Uber’s new management demonstrated proactive measures in investigating the breach, leading to leniency from prosecutors.
As part of the settlement, Uber will maintain a comprehensive data privacy program for approximately 20 years, ensuring stricter compliance with regulations.
The incident also involved Joseph Sullivan, Uber’s former security chief, who was charged in 2020 for concealing the breach. Prosecutors allege Sullivan paid hackers $100,000 and had them sign false non-disclosure agreements.
This settlement follows a separate resolution in 2018, where Uber paid $148 million to settle claims with 50 U.S. states and Washington D.C. for failing to promptly disclose the data breach.
This case highlights the critical importance of data security practices and transparency for companies operating in the digital age.
