UPDATED 15:24 EST / SEPTEMBER 26 2018

Uber settles states’ investigation of 2016 data breach and coverup for $148M

Uber Technologies Inc. today disclosed that it has settled a multistate probe into a 2016 data breach that compromised 57 million of its users.

The company has agreed to pay $148 million as part of a deal encompassing all 50 states and Washington, D.C., the biggest fine of its kind ever. The settlement comes 11 months after Uber disclosed the incident, which had taken place over a year earlier under previous Chief Executive Officer Travis Kalanick.

Hackers had managed to infiltrate a poorly secured GitHub repository belonging to the company and steal login credentials to an Amazon Web Services account. That account, in turn, contained some of the 57 million affected users’ personal information. The attackers managed to obtain names, email addresses and phone numbers as well as the driver’s license numbers of 607,000 Uber drivers.

What caused the incident to draw so much scrutiny was how Uber handled the situation. Bloomberg reported at the time that then-Chief Executive Kalanick found out about the breach a month after the fact yet didn’t inform the public. To make matters worse, the company admitted that senior employees had paid the hackers $100,000 to delete the stolen data and keep the breach a secret.

Tim Erlin, vice president of product management and strategy at cybersecurity firm Tripwire, said in an email that the coverup contributed to the size of the settlement. “It’s a good reminder to all organizations of how a good breach response plan can help avoid poor decision-making in the midst of an incident,” he said.

Today’s settlement finally puts the embarrassing episode behind the company. In addition to the $148 million fine, the agreement includes terms requiring Uber to change its corporate culture and adopt new practices to prevent future breaches.

“We know that earning the trust of our customers and the regulators we work with globally is no easy feat,” Uber Chief Legal Officer Tony West wrote in a statement. “After all, trust is hard to gain and easy to lose. We’ll continue to invest in protections to keep our customers and their data safe and secure, and we’re committed to maintaining a constructive and collaborative relationship with governments around the world.”
