Uber Consents to Expanded Settlement for Hiding Data Breaches

April 13, 2018 at 3:00 PM

Uber Technologies Inc. has agreed to a broader settlement with the U.S. Federal Trade Commission regarding its tardy disclosure of a breach in 2016 that released account data concerning 57 million customers and drivers.

Uber avoided a fine in the initial settlement last August by vowing to implement a “comprehensive privacy program.” Now it faces civil fines if it fails to promptly report any future incidents.

Uber disclosed the 2016 attack a year after the fact as the FTC was investigating what it calls a “strikingly similar” breach in 2014. The earlier hack involved the names and driver’s license numbers for some 50,000 Uber drivers in the U.S. Uber belatedly revealed it had paid the hackers $100,000 in exchange for their promise to delete the stolen data.

FTC Acting Chair Maureen Olhausen says Uber “compounded its misconduct” from the 2014 incident by its lack of candor about the 2016 attack, thus prompting the tougher settlement terms.