Uber Settles Data Breach Investigation For $148 Million

An anonymous reader quotes a report from The New York Times: Uber will pay $148 million to settle a nationwide investigation into a 2016 data breach (Warning: source may be paywalled; alternative source), in which a hacker managed to gain access to information belonging to 57 million riders and drivers. The breach included names and driver's license numbers for 600,000 drivers. Rather than disclosing the breach when it occurred, Uber paid the hacker $100,000 through its bug bounty program. [...] The ride-hailing company persuaded him to delete the data and stay quiet about it with a nondisclosure agreement. The incident became public a year later when Uber's chief executive, Dara Khosrowshahi, announced it as a "failure" and fired the two employees who had signed off on the payment.

Tony West, Uber's chief legal officer, said the settlement was part of a larger effort inside Uber to remake the company's image. He said the company had recently hired a chief privacy officer and a chief trust and security officer. The $148 million settlement announced Wednesday will be divided among all 50 states and the District of Columbia. "Companies in California and throughout the nation are entrusted with customers' valuable private information," Xavier Becerra, California's attorney general, said. "This settlement broadcasts to all of them that we will hold them accountable to protect that data."

did riders and drivers get $?

[sittingnut]

"The $148 million settlement announced Wednesday will be divided among all 50 states and the District of Columbia"

but does any of that goes to riders and drivers whose data got breached?
or is this "settlement" a mere pay off to government lawyers in 50 states and dc? a bribe in another name?

Re:did riders and drivers get $?

The States sued Uber, not the riders or drivers. The grievance was failure to duly report the breach. If the drivers/riders wanted a piece, they should have sued.

To the victor go the spoils

Re:did riders and drivers get $?

"The $148 million settlement announced Wednesday will be divided among all 50 states and the District of Columbia"

but does any of that goes to riders and drivers whose data got breached?
or is this "settlement" a mere pay off to government lawyers in 50 states and dc? a bribe in another name?

Are you asking a rhetorical question?

Don't you know the answer?

In the end, isn't it we little people who get fucked?

Do you think that you'll get more karma or sidestep negative moderation by asking rhetorical questions?

Is moderation on Slashdot so easily manipulated that a rhetorical tactic works? Or are Slashdotters that stupid that they fall for it?

Re: did riders and drivers get $?

I think you just asked six rhetorical questions if my count is right

Re:did riders and drivers get $?

[ShanghaiBill]

but does any of that goes to riders and drivers whose data got breached?

No, because they didn't suffer any financial consequences, since all their data had already been leaked in the Equifax, Target, Yahoo, and Home Depot breaches. People need to face reality: At this point your name, SSN, DOB, home address, and CC#s are all public information. Breaches don't matter anymore.

Re:did riders and drivers get $?

Bitches about rhetorical question with more rhetorical questions. Genius.

Re: did riders and drivers get $?

The state used our money and resources to sue uber

Re: did riders and drivers get $?

The state used our money and resources to build the governor's mansion. I'd like to stay there.

Re:did riders and drivers get $?

[Aighearach]

Government lawyers get paid a salary, they don't get a cut of the State's winnings.

When they bring a case like this, it is a bunch of hard work that they have to fit into their schedule, for the same pay as if they don't do it.

And in this case, a few of the larger states did all the work, and the rest just phoned in their agreement.

The only way any of this money goes to riders and drivers is if any of them are American citizens, residents, or visitors. In that case they would benefit via their State.

Re:did riders and drivers get $?

[viperidaenz]

No one has notified the people who had their data stolen. How can they possibly sue if they don't know?

Re:did riders and drivers get $?

[Puls4r]

And yet equifax continues to avoid most fines. 500k euros. That's it. No US penalty. Gee, I wonder who the government favors more. A rideshare company or a financial corporation with their tentacles in literally EVERYTHING.

Re:did riders and drivers get $?

[rtb61]

Each time, those details are leaked, the citizen should have the right to change as many as possible and as necessary. Change credit card numbers (the citizen and the credit card company should be reimbursed costs), social security numbers (the state and the citizen should be reimbursed costs, any details you wish to be altered should be done at that companies expense. What cost to the citizen, every single second of their time in arranging those things and the costs associated with delays in activity until they can be replaced, likely somewhere between 4 and 8 hours of that citizens time plus on costs. The other cost credit card companies and the state, are what ever they claim.

So how many citizens have been contacted and reimbursed for needing to change some details, which should be changed, like credit card numbers and social security numbers and any other details that need to be changed to be more secure again. This done, each and every time. How about personal psychological profiling data, there should be a massive penalty for that. Keep the data, expect real consequences when you fail to secure it. We are not even touching on the penalty they should be for as it turns out, successfully assisting criminals in their fraudulent activities. That leak causes a bank account to be emptied of tens of thousands of dollars, well, they should pay.

Re:did riders and drivers get $?

[ole_timer]

the settlement was uber's fine. in the case of equifax there's no law that would cause them to get fined. and they don't directly take credit card payment (with some exceptions) so Visa et al can't give them penalties under any contract.

Register now!

[viperidaenz]

For your $2.60 compensation!

RIAA accounting

Now if each customer got $10,000 per breach they wold have been up for close on $1.5 Trillion.

And let's face it, personal user information which you have for your entire life (70+ years on average) should be worth FAR MORE than a song that is popular for 6 months maybe less.

Oh wait, you $10 payment to your local candidate is nothing compared to the Bribe...I mean campaign contribution... they get from the corporate sector. Turns out that some "People" (as corporations are now) are worth more than other people.

When does equifax settle?

And for how much? Should be at least $750 million if it's proportionate.

Uber actually safeguards data and gets fined

[locketine]

So Equifax lost really sensitive data to the hacker black market and doesn't get fined, while Uber recovers less critical data and gets a substantial fine? I'm no fan of Uber and I guess neither were these states.