Uber fined US$148m for data breach and bug bounty cover up

prototype-uber-taxi-appUber has paid US$148m to settle a legal violation stemming from a hack a year ago that accessed the data of 57 million drivers and riders including the names and driving licence numbers of 600,000 drivers.

When the incident occurred, the company paid the hackers a $100,000 “bug bounty” to delete the data and to sign a secret agreement not to reveal the security hole. Subsequently, the two employees who led the cover up were fired, and state attorneys general began investigations over the breach and also the failure to notify authorities. Target also paid large ($19m) settlements to US authorities over data breaches, but the 2017 Equifax breach has not yet been settled and could be even larger than this week’s settlement.

For the rideshare company, this is one more issue to strike off new CEO Dara Khosrowshahi’s ‘Fix Uber’ list of problems to be resolved before an initial public offering expected in 2019. In July, the company hired a Chief Privacy Officer. The company is said to be valued at $76 billion following a $500m investment by Toyota in joint autonomous vehicle development.

Read more: NY Times / Reuters (1) / CNN / Reuters (2)

Image: Fernando Oda / CC-BY 2.0

This story is taken from the 28 September 2018 edition of The Warren Centre’s Prototype newsletter. Sign up for the Prototype here.