Carr reaches multi-million dollar settlement with Uber over data breach
Attorney General Chris Carr

September 26, 20183min3600
chris-carr

Attorney General Chris Carr today announced that the State of Georgia, along with 49 states and the District of Columbia, has settled with California-based ride-sharing company Uber Technologies, Inc. (Uber) to address the company’s one-year delay in reporting a data breach to its affected drivers.

As part of the nationwide settlement, Uber has agreed to pay $148 million to the states. Georgia will receive $4,137,509.67. In addition, Uber has agreed to strengthen its corporate governance and data security practices to help prevent a similar occurrence in the future.

“Personal identifying information that is obtained in a data breach can expose victims to various forms of identity theft and financial fraud that can hurt their credit, finances, employment and even lead to false arrests,”  Attorney General Chris Carr said. “To help mitigate these risks, it is critical that victims be informed of a breach in a timely manner. In this case, they were not, and we worked with our colleagues to hold the responsible party accountable and protect the interests of our citizens.”

Uber learned in November 2016 that hackers had gained access to some personal information that Uber maintains about its drivers, including drivers’ license information pertaining to approximately 600,000 drivers nationwide. Uber tracked down the hackers and obtained assurances that the hackers deleted the information. However, Uber failed to report the breach in a timely manner, waiting until November 2017 to do so.

The settlement between the State of Georgia and Uber requires the company to:

 

  • Take precautions to protect any user data Uber stores on third-party platforms outside of Uber.
  • Use strong password policies for its employees to gain access to the Uber network;
  • Develop and implement a strong overall data security policy for all data that Uber collects about its users, including assessing potential risks to the security of the data and implementing any additional security measures beyond what Uber is doing to protect the data;
  • Hire an outside qualified party to assess Uber’s data security efforts on a regular basis and draft a report with any recommended security improvements. Uber will implement any such security improvement recommendations; and

Develop and implement a corporate integrity program to ensure that Uber employees can bring any ethics concerns they have about any other Uber employees to the company, and that it will be heard.

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *


About us

On Common Ground News is published daily by On Common Ground, Inc (OCGNEWS.COM). The newspaper serves DeKalb, Gwinnett, Rockdale and Metro Atlanta.

The opinions expressed by writers and contributors are not necessarily those of the publisher or the newspaper’s advertisers.

No portion of this newspaper may be reproduced in any form without the written permission of the publisher.

We reserve the right to reject material and advertisements we deem inappropriate.


On Common Ground News
P.O. Box 904
Lithonia, GA 30058


(770) 679-5607

editor@ocgnews.com


Latest News


By submitting this form, you are consenting to receive marketing emails from: On Common Ground News, 1240 Sigman Road, Conyers, GA, 30012, https://www.ocgnews.com. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact