The Uber arrived this Wednesday to an agreement with the prosecutors of all the states of the United States to pay 148 million dollars in compensation for having concealed the massive theft of data of its clients in 2016.
In addition, the company paid the hackers to hide the theft to the authorities for more than a year. The agreement includes the obligation for the company to make changes in the way in which it deals with security failures and comes after the coordinated investigation of 50 US state prosecutors.
In November of last year, Uber acknowledged that data theft had affected 57 million accounts. He also acknowledged that the company’s previous management had paid $ 100,000 to the hackers who stole the information to keep the facts secret.
In addition, he deliberately hid it by presenting it as if it were a payment to hackers for discovering security flaws.
The revelation came a few months after the company disposed of its founder and president, Travis Kalanick, and after the arrival of a new chief executive, Dana Khosrowshahi.
Along with the public admission of the scandal, Joe Sullivan, head of security at Uber, was fired. One of the missions of Khosrowshahi is to recover the image of the company, seen as an example of bad practices and contempt for the regulation of Silicon Valley. The previous management team kept the theft hidden for more than a year. “This should not have happened. There are no excuses. We are changing the way we work, “Khosrowshahi said then. “We can not erase the past, but I can commit myself to learn from mistakes.”
The concealment violates the norms on information of this type of situations, the reason why investigations against Uber were initiated in the United Kingdom, Australia, Philippines and the United States.
In April, the US Trade regulator detailed that the data stolen by the hackers included 25.6 million names and email addresses, 22.1 million names and phone numbers and 607,000 driver’s licenses.
The data was in a server managed by Amazon. More than half of those affected live in the United States.
The fine agreed yesterday is significantly higher than that received by the Target department store chain in 2017. Reuters notes that that agreement, also with several US prosecutors, was 18.5 million, 41 million customers were affected.
“The decision to hide this theft was a blatant violation of public confidence,” California Attorney General Xavier Becerra said at the public presentation of the agreement. “Companies in California and throughout the country are custodians of the valuable private information of their clients.
This agreement is a vision for all of us that we will demand responsibility for data protection. ” 147,000 of the driver’s licenses stolen from Uber were from California.
The agreement is the first, according to the prosecution, in which the company is obliged to incorporate new privacy protection measures into its product so that the facts are not repeated.
The agreement obliges to “develop, implement and maintain” a security program with an ex profes executive position that reports directly to the Board of Directors. The company is obliged to send security reports to the authorities every quarter.