Yesterday (September 26, 2018), Uber Technologies Inc. agreed to finish inquiries of all 50 states of its 2016 data breach by paying $148 million in different amounts to all 50 states and the District of Columbia.
The settlement concludes the investigations into the data breach, which occurred in 2016 when hackers absconded with the personal information of 57 million users and drivers and Uber paid the hackers $100,000 to keep it quiet. The company did not notify the 57 million individuals of the data breach, which the AGs alleged there was a violation of state data breach notification laws and applicable state data security laws.
In addition to the monetary fine, Uber is required under the settlement to change business practices to avoid future breaches and to hire a third-party to audit its data security processes.
According to the Attorney General of New York, the settlement sends a clear message to companies that there is “zero tolerance for those who skirt the law and leave consumer and employee information vulnerable to exploitation.”