Last year, Uber was heavily scrutinised over its security practises after a data leak was made public. A hacker had managed to obtain the details of millions of Uber users worldwide, including drivers and customers. The hack, which took place in 2016, was kept under wraps for 13 months and the company had paid $100,000 to the hacker in an effort to keep it quiet. Now, that mistake is costing Uber big time, with a $148 million fine being handed down.
Instead of properly informing those affected, Uber chose to spend $100,000 trying to cover up the hack. Now, the company has reached a settlement agreement with all 50 states and the District of Columbia to pay a $148 million fine and bolster security practises.
Speaking to the Associated Press (via The Guardian), Lisa Madigan, Illinois Attorney General, blasted this as “one of the most egregious cases we’ve ever seen” in terms of proper notification, she labeled Uber’s 13 month delay in coming clean as “just inexcusable”.
The hack itself involved the names, email addresses and phone numbers of 57 million Uber users. This number included 2.7 million UK customers. There is no UK-based fine just yet but over in the US, the $148 million fine will be divided amongst states based on how many active drivers are in each. In the long run, the fine will average out at $2.9 million per state, although the scales will tip in some areas. Illinois for instance is set to get an $8.5 million share.
KitGuru Says: The Uber hack was honestly quite astounding when it first came up. While a lack of honesty from companies isn’t particularly uncommon, we don’t usually hear about $100,000 cover-up efforts. All we can do now is hope that all companies try and do better in the future.