Uber has admitted to covering up the data breach in 2016 that compromised the private data of approximately 57 million of its users.
United States Department of Justice said Friday that Uber Technologies, Inc. agreed with federal prosecutors to resolve a criminal investigation on the 2016 data breach, accepting the responsibility of its officers, directors, employees, and agents.
Uber has agreed, through a non-prosecution agreement, to fully cooperate with government investigations on the criminal case, including the alleged attempt of Uber’s former chief security officer to cover up the data breach.
The agreement cited that Uber paid $148 million to settle civil litigation for all 50 States and the District of Columbia concerning the 2016 data breach.
The agreement also noted that Uber would report any unauthorized data intrusion to FTC and maintain a 20-year comprehensive privacy program.
In 2016, hackers accessed a private source code repository and obtained a private access key that revealed personal data, including 600,000 drivers’ license numbers. Uber did not report the breach to the FTC until a year later, when the company had new management that disclosed the matter to affected drivers, law enforcement, foreign and domestic regulators, and the public.
Uber was also under a pending Federal Trade Commission (FTC) investigation on its data security practices when the data breach happened.
© Fourth Estate® — All Rights Reserved.
This material may not be published, broadcast, rewritten or redistributed.