$148 Million Compensation Fine by Uber Due to 2016 Security Breach, Confirmed
The California Attorney General has revealed that Uber is open to paying $148 million for the damages incurred with a data breach that happened in their system in 2016. Cybercriminals who perpetuated the hack were able to capture 57 million personally identifiable information records of both drivers and passengers. The company even communicated with the hackers, as the company offered to pay $100,000 for the latter to dispose the data and stay quiet about the incident. Uber’s former CEO Travis Kalanick in his initial communication denied the allegation. But the new CEO Dara Khosrowshahi has changed the stance by paying the penalty in the view of repairing the damaged reputation caused by the event.
Tony West, Uber’s Chief Legal Officer expressed confidence that their expression of humility will bring passengers, drivers and the company together in serving the public transport sector. “Our current management team’s decision to disclose the incident was not only the right thing to do, it embodies the principles by which we are running our business today: transparency, integrity, and accountability. An important component of living up to those principles means taking responsibility for past mistakes, learning from them, and moving forward. We know that earning the trust of our customers and the regulators we work with globally is no easy feat. After all, trust is hard to gain and easy to lose. We’ll continue to invest in protections to keep our customers and their data safe and secure, and we’re committed to maintaining a constructive and collaborative relationship with governments around the world.”
“Uber’s decision to cover up this breach was a blatant violation of the public’s trust. The company failed to safeguard user data and notify authorities when it was exposed. Consistent with its corporate culture at the time, Uber swept the breach under the rug in deliberate disregard of the law,” emphasized Xavier Becerra, California Attorney General.
The breached records include the full names of the drivers and passengers, their email addresses, mobile numbers and driver’s license information of 600,000 of their drivers in the U.S.. “This record settlement should send a clear message: we have zero tolerance for those who skirt the law and leave consumer and employee information vulnerable to exploitation. We’ll continue to fight to protect New Yorkers from weak data security and criminal hackers.” explained Barbara Underwood, New York’s Attorney General.
Uber is seen as serious in its goal of rebuilding its name again, with the new Chief Privacy Officer, Ruby Zefo leading the charge of change. Uber’s systems are undergoing heavy auditing to focus its development towards privacy. The company also created the office of the Chief Trust and Security, headed by Matt Olsen, who will make sure enough investments with security functions.“The commitments we’re making in this agreement are in line with our focus on both physical and digital safety for our customers, as exemplified by our recent announcement of a host of safety and security improvements and our recent hiring of experts like Ruby Zefo as Chief Privacy Officer and Matt Olsen as Chief Trust & Security Officer,” concluded West.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.