(WWLP) — Uber has agreed to pay $148 million and take steps to tighten data security, after failing to notify drivers that hackers had stolen their personal information for a whole year.
Attorney General Maura Healey announced Wednesday that her office led a group of attorneys general from 50 states in reaching the $148 million settlement with Uber.
“Uber failed to immediately report this data breach and tried to pay hush money to hackers,” said AG Healey. “This settlement should be a lesson to other businesses that consumers have a right to know when their personal information has been compromised.”
According to AG Healey’s Office, Uber learned in November 2016 that hackers had accessed its internal databases and acquired the names, email addresses and mobile phone numbers of 57 million Uber riders and drivers, as well as the names and drivers’ license numbers of 600,000 U.S.-based drivers.
Under the settlement, Uber will pay Massachusetts approximately $7.1 million, of which $6.5 million will be distributed to the Commonwealth’s General Fund and $600,000 will be used to assist consumers and businesses, along with funding programs to protect victims of data breach and identity theft.
The settlement also requires Uber to:
- Comply with Massachusetts data breach and consumer protection law regarding the protection of Massachusetts residents’ personal information and notification in the event of a data breach concerning their personal information.
- Take precautions to protect any user data Uber stores on third-party platforms outside of Uber.
- Use strong password policies for its employees to gain access to the Uber network.
- Develop and implement an overall data security program covering all data that Uber collects about its users, including conducting assessments of potential risks to the security of the data and implementing any necessary additional security measures.
- Hire an outside qualified party to assess Uber’s data security efforts on a regular basis and implement recommended security improvements.
- Develop and implement a corporate integrity program to allow Uber employees to bring any ethics concerns they have about any other Uber employees to the company.