They say learning from your mistakes is ideal, and Uber has been doing a lot of that. Almost 2 years after a massive data breach, the company has agreed to a $148 million payout, CNBC reports.
Last year, Uber’s CEO Dara Khosrowshahi revealed that, one year before, 2 hackers managed to steal data stored on a third-party cloud-based service. Information on 57 million riders and drivers was illegally downloaded by the 2, including driver’s license numbers, personal emails, addresses and phone numbers.
Almost 600,000 drivers were exposed, with the rest of the number being people who had shared rides on the Uber platform.
Khosrowshahi insisted that the data didn’t include more sensitive information like Social Security numbers, and strove to explain why the breach had been hushed. At the time, they thought this would be a better course of action than to go public with the breach and cause panic. They also focused on limiting the damage and on ensuring such a breach never happened again.
In other words, Uber paid the hackers $100,000 to delete the downloads and never speak of the breach again. In doing so, Uber violated its clients’ trust, the California Attorney General’s office says in a statement announcing the settlement.
“Uber's decision to cover up this breach was a blatant violation of the public's trust. The company failed to safeguard user data and notify authorities when it was exposed. Consistent with its corporate culture at the time, Uber swept the breach under the rug in deliberate disregard of the law,” Xavier Becerra, California Attorney General, says in a statement to the media outlet.
Consequently, the company will be paying $148 million for the breach. How’s that for learning from one mistakes, the hard way?
CNBC says the payments will of “varying amounts” and will be “distributed across the states and Washington, D.C.”
Almost 600,000 drivers were exposed, with the rest of the number being people who had shared rides on the Uber platform.
Khosrowshahi insisted that the data didn’t include more sensitive information like Social Security numbers, and strove to explain why the breach had been hushed. At the time, they thought this would be a better course of action than to go public with the breach and cause panic. They also focused on limiting the damage and on ensuring such a breach never happened again.
In other words, Uber paid the hackers $100,000 to delete the downloads and never speak of the breach again. In doing so, Uber violated its clients’ trust, the California Attorney General’s office says in a statement announcing the settlement.
“Uber's decision to cover up this breach was a blatant violation of the public's trust. The company failed to safeguard user data and notify authorities when it was exposed. Consistent with its corporate culture at the time, Uber swept the breach under the rug in deliberate disregard of the law,” Xavier Becerra, California Attorney General, says in a statement to the media outlet.
Consequently, the company will be paying $148 million for the breach. How’s that for learning from one mistakes, the hard way?
CNBC says the payments will of “varying amounts” and will be “distributed across the states and Washington, D.C.”