UPDATED 15:24 EDT / SEPTEMBER 26 2018

APPS

Uber settles states’ investigation of 2016 data breach and coverup for $148M

Uber Technologies Inc. today disclosed that it has settled a multistate probe into a 2016 data breach that compromised 57 million of its users.

The company has agreed to pay $148 million as part of a deal encompassing all 50 states and Washington D.C., a fine that represents the biggest ever of its kind. The settlement comes 11 months after Uber disclosed the incident, which had taken place over a year earlier under previous Chief Executive Officer Travis Kalanick.

Hackers had managed to infiltrate a poorly secured GitHub repository belonging to the company and steal login credentials to an Amazon Web Services account. That account, in turn, contained some of the 57 million affected users’ personal information. The attackers managed to obtain names, email addresses and phone numbers as well as the driver’s license numbers of 607,000 Uber drivers.

What caused the incident to draw so much scrutiny was how Uber handled the situation. Bloomberg reported at the time that then-Chief Executive Kalanick found about the breach a month after the fact yet didn’t inform the public. To make matter worse, the company admitted that senior employees had paid the hackers $100,000 to delete the stolen data and keep the breach a secret.

Tim Erlin, vice president of product management and strategy at cybersecurity firm Tripwire, said in an email that the coverup contributed to the size of the settlement. “It’s a good reminder to all organizations of how a good breach response plan can help avoid poor decision-making in the midst of an incident,” he said.

Today’s settlement finally puts the embarrassing episode behind the company. In addition to the $148 million fine, the agreement includes terms requiring Uber to change its corporate culture and adapt new practices to prevent future breaches.

“We know that earning the trust of our customers and the regulators we work with globally is no easy feat,” Uber Chief Legal Officer Tony West wrote in a statement. “After all, trust is hard to gain and easy to lose. We’ll continue to invest in protections to keep our customers and their data safe and secure, and we’re committed to maintaining a constructive and collaborative relationship with governments around the world.”

Photo: Wikimedia

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU