AG Healey led multi-state effort in reaching $148 settlement with Uber over data breach


FILE – This March 20, 2018, file photo shows the Uber app on an iPad in Baltimore. U.S. employment regulators are investigating allegations that Uber set up a pay scale that discriminated against women working for the ride-hailing service. (AP Photo/Patrick Semansky, File)

(WWLP) — Uber has agreed to pay $148 million and take steps to tighten data security, after failing to notify drivers that hackers had stolen their personal information for a whole year.

Attorney General Maura Healey announced Wednesday that her office led a group of attorneys general from 50 states in reaching the $148 million settlement with Uber.

“Uber failed to immediately report this data breach and tried to pay hush money to hackers,” said AG Healey. “This settlement should be a lesson to other businesses that consumers have a right to know when their personal information has been compromised.”

According to AG Healey’s Office, Uber learned in November 2016 that hackers had accessed its internal databases and acquired the names, email addresses and mobile phone numbers of 57 million Uber riders and drivers, as well as the names and drivers’ license numbers of 600,000 U.S.-based drivers.

Under the settlement, Uber will pay Massachusetts approximately $7.1 million, of which $6.5 million will be distributed to the Commonwealth’s General Fund and $600,000 will be used to assist consumers and businesses, along with funding programs to protect victims of data breach and identity theft. 

The settlement also requires Uber to:

  • Comply with Massachusetts data breach and consumer protection law regarding the protection of Massachusetts residents’ personal information and notification in the event of a data breach concerning their personal information.
  • Take precautions to protect any user data Uber stores on third-party platforms outside of Uber.
  • Use strong password policies for its employees to gain access to the Uber network.
  • Develop and implement an overall data security program covering all data that Uber collects about its users, including conducting assessments of potential risks to the security of the data and implementing any necessary additional security measures.
  • Hire an outside qualified party to assess Uber’s data security efforts on a regular basis and implement recommended security improvements.
  • Develop and implement a corporate integrity program to allow Uber employees to bring any ethics concerns they have about any other Uber employees to the company.

Copyright 2020 Nexstar Broadcasting, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

State Police Overtime Scandal

More State Police Overtime Investigation

Trending Stories

Donate Today