For experts on the subject, Uber’s silence was a “clear betrayal to consumer confidence”
Uber will pay about $148M USD to conduct a nationwide investigation into a data theft that occurred in 2016, an event in which a hacker managed to gain access to information belonging to 57 million drivers and passengers. The stolen information includes names and driver's license numbers of about 600k Uber drivers.
The investigation, led by state attorneys general across the United States, will focus on determining whether Uber violated data theft reporting laws, as the company did not inform consumers that their information had been compromised.
According to specialists in ethical hacking, instead of disclosing the data breach when it happened, Uber paid a hacker $100k USD through its vulnerability bounty program. The company convinced the hacker to erase the data and remain silent under a nondisclosure agreement.
The incident became public knowledge a year later, when Uber CEO Dara Khosrowshahi announced it, describing it as a failure for the company, and fired the two employees who had signed off on the hacker's payment.
“Uber’s decision to cover up this data breach was a clear betrayal to consumer confidence”, said a statement by Xavier Becerra, Attorney General of California. “The company did not protect the data of its users and did not dare to notify the authorities about the exposed data”.
Tony West, Uber’s legal director, said this research was part of an Uber effort to reinvent the company’s image. He also mentioned that the company had recently hired a privacy chief and was collaborating with specialists in ethical hacking.
“We know that winning the trust of our customers and the regulators we work with globally will not be easy. After all, trust is hard to win and easy to lose”, said West.
He added that the data theft was revealed to the public during his first day at work. “Instead of settling into my new workspace and walking on the floor to meet my new colleagues, I spent the day calling several state and federal regulators”.
According to specialists in ethical hacking from the International Institute of Cyber Security, the Federal Trade Commission (FTC) announced last April its resolution on this incident. The FTC ordered Uber to regularly submit to privacy audits as part of an agreement reached last year.
The total amount for the investigation will be divided among the 50 states in the US.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions at a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.