Uber Technologies on Friday accepted responsibility for covering up a 2016 data breach that affected 57 million passengers and drivers, as part of a settlement with U.S. prosecutors to avoid criminal prosecution.
In reaching a non-prosecution agreement, Uber admitted that its staff had not reported the November 2016 hack to the US Federal Trade Commission, even though the agency had investigated the security of the company’s data. carpooling.
U.S. attorney Stephanie Hinds in San Francisco said Uber waited about a year to report the breach, after installing new executive leadership that “set a strong tone from the top” regarding ethics and compliance. compliance.
Hinds said the decision not to charge Uber reflected new management’s prompt investigation and disclosures, as well as Uber’s 2018 agreement with the FTC to maintain a comprehensive privacy program for 20 years.
The San Francisco-based company is also cooperating with the prosecution of a former security chief, Joseph Sullivan, for his alleged role in covering up the hack.
Uber did not immediately respond to requests for comment.
Sullivan was originally charged in September 2020. Prosecutors said Sullivan arranged to pay hackers $100,000 (approximately 79.89 rupees) in Bitcoin and have them sign nondisclosure agreements that falsely stated they didn’t steal any data.
Uber had a bounty program designed to reward security researchers who report vulnerabilities, but not to cover data breaches.
In September 2018, Uber paid $148 million (roughly Rs 1,182 crore) to settle claims from all 50 US states and Washington, DC that it was too slow to disclose the hack.
Uber shares closed 93 cents at $23.30 (about 1,800 rupees) on Friday. The non-prosecution agreement was disclosed after US markets closed.
© Thomson Reuters 2022
Tech
