Uber reaches non-prosecution deal with feds over 2016 data-breach coverup
SAN FRANCISCO - Uber admits to a data-breach coverup in a non-prosecution agreement with federal officials, U.S. Attorney's Office announced Friday.
In 2018, Uber Technologies Inc., best known as a transportation pioneer in the so-called shared economy, paid a $148 million settlement for the data breach where hackers accessed personal information, including driver's license information for up to 600,000 Uber drivers in the U.S.
The hack also took the names, email addresses and cell phone number of 57 million riders around the world. The company acknowledged the breach in November 2017, telling the Federal Trade Commission it paid $100,000 in ransom for the stolen information to be destroyed.
As part of the agreement to resolve the investigation, Uber admits that its officers, directors and employees worked to cover up the data breach from the FTC.
The company and prosecutors agree hackers stole credentials to access private source code and breached the data. Prosecutors said the delayed FTC disclosure came during a change in leadership at the company. The agreement credits the new leadership with a prompt investigation and disclosure of the breach to the public.
The agreement acknowledges compliance, legal and security improvements at Uber.
SEE ALSO: Uber hit with lawsuit by 500 women over allegations of sexual assault
"Uber agreed to maintain a comprehensive privacy program for 20 years and to report to the FTC any incident reported to other government agencies relating to unauthorized intrusion into individuals’ consumer information," the U.S. Attorney's Office statement read.
In addition, both parties agree that Uber is fully cooperating with an ongoing criminal case against the company's former chief security officer for the alleged attempt to cover up the data breach.
Prosecutors and Uber have also agreed the company settled civil litigation with attorneys general for all 50 states and the District of Columbia related to the data breach. Uber agreed to implement a corporate integrity program as a result. It includes security safeguards, data breach notification plans and ongoing assessments.