Back in 2016 Uber experienced a data breach that compromised the personal data of some 600 000 drivers in the US and 57 million users worldwide.
Uber’s faux pas in this situation is that it neglected to inform drivers and riders of the breach for a year and that mistake has turned out to be a costly one.
In an agreement reached this week, Uber will pay a $148 million fine and tighten its data security.
“This is one of the most egregious cases we’ve ever seen in terms of notification; a yearlong delay is just inexcusable,” Illinois attorney general Lisa Madigan told the Associated Press.
“And we’re not going to put up with companies, Uber or any other company, completely ignoring our laws that require notification of data breaches,” the attorney general added.
The information gleaned from the hack includes driver license information from drivers while email addresses, names and contact numbers of riders were compromised.
While the news that Uber failed to notify drivers and riders of the breach for a year is shocking in itself the company also paid a $100 000 ransom for the information to be destroyed.
The $148 million Uber now has to pay will be divided among 51 states with Madigan adding that Uber drivers in Illinois will receive $100.