Uber Technologies Inc. has agreed to expand its proposed settlement with the U.S. Federal Trade Commission over its infamous 2016 hack, in a sign that the two parties may be close to signing off on a settlement once and for all.

Under the new terms, Uber has agreed, among other things, to be subject to FTC privacy audits for 20 years, presuming it lasts that long. It also committed to adhering to best practice, as well as the implementing record keeping for its bug bounty program and submitting third-party audits of the company’s privacy program to the FTC.

“After misleading consumers about its privacy and security practices, Uber compounded its misconduct by failing to inform the Commission that it suffered another data breach in 2016 while the Commission was investigating the company’s strikingly similar 2014 breach,” Acting FTC Chairman Maureen K. Ohlhausen said in a statement today. “The strengthened provisions of the expanded settlement are designed to ensure that Uber does not engage in similar misconduct in the future.”

The main hack, revealed in November, involved the theft of records such as names and driver’s license numbers of about 600,000 Uber drivers in the United States, along with the personal information of 57 million Uber users worldwide, including names, email addresses and mobile phone numbers.

Compounding the issue in an age where large-scale enterprise and startup hacks are nearly a regular occurrence was the revelation that not only did Uber sit on the details of the hack for nearly a year, it actively attempted to cover it up, including cash payments authorized by then-Chief Executive Officer Travis Kalanick.

In response to the news, Uber Chief Legal Officer Tony West was upbeat, saying in a statement reported by Reuters, “I am pleased that just a few months after announcing this incident, we have reached a speedy resolution with the FTC that holds Uber accountable for the mistakes of the past by imposing new requirements that reasonably fit the facts.”

Photo: Pexels