Uber Admits Covering Up 2016 Hacking, Avoids Prosecution in U.S. Settlement
Uber Technologies Inc. on Friday accepted responsibility for covering up a 2016 data breach that affected 57 million passengers and drivers, as part of a settlement with U.S. prosecutors to avoid criminal charges.
U.S. Attorney Stephanie Hinds in San Francisco said Uber waited about a year to report the breach, after installing new executive leadership who “established a strong tone from the top” regarding ethics and compliance.
Hinds said the decision not to criminally charge Uber reflected new management’s prompt investigation and disclosures, and Uber’s 2018 agreement with the FTC to maintain a comprehensive privacy program for 20 years.
The San Francisco-based company is also cooperating with the prosecution of a former security chief, Joseph Sullivan, over his alleged role in concealing the hacking.
U.S. Charges Uber’s Ex-Security Chief With Deliberately Concealing 2016 Hacking
Uber did not immediately respond to requests for comment.
Sullivan was originally indicted in September 2020. Prosecutors said Sullivan arranged to pay the hackers $100,000 in bitcoin and have them sign nondisclosure agreements that falsely stated they had not stolen data.
Uber had a bounty program designed to reward security researchers who report flaws, but not to cover up data thefts.
In September 2018, Uber paid $148 million to settle claims by all 50 U.S. states and Washington, D.C., that it was too slow to disclose the hacking.
Uber Settles with States for $148M Over Failure to Disclose Data Breach
Uber shares closed down 93 cents at $23.30 on Friday. The non-prosecution agreement was disclosed after U.S. markets closed.
- Class Action Settlements Flooded With Fraudulent Claims by Scammers
- Biden Vetoes Bid to Repeal US Labor Board Rule on Contract, Franchise Workers
- Berkshire’s Jain on Cyber: ‘The Mindset Should Be You’re Not Making Money’
- Rising Prices, Low Satisfaction Drive 49% of Customers to Shop For New Auto Insurance