Uber has agreed to expand settlement with FTC over 2016 data breach

Uber has agreed to expand settlement with FTC over 2016 data breach

Uber previously settled with the FTC over allegations that it didn’t protect it’s custoners’ data back in 2014. Now only that, Uber was accused of misrepresenting how secure the data was.

Not long after that, current CEO of Uber found that the company had hidden evidence of a separate extortion-based attack that exposed “25 million names and email addresses, 22 million names and mobile phone numbers, and 600,000 names and driver’s license numbers of US Uber drivers and riders,” according to the FTC.

Due to the misconduct around the secondary breach, FTC revised its original settlement of a 2014 incident to include additional provisions, including civil penalties, should Uber fail to notify the FTC of any future breaches.

“My first week at Uber was the week we disclosed the 2016 breach,” Uber’s Chief Legal Officer Tony West told Engadget. “When Dara Khosrowshahi joined the company, he committed on behalf of every Uber employee that we would learn from our mistakes, change the way we did business and put integrity at the core of every decision we made. Since then we have moved quickly to do just that by taking responsibility for what happened. I am pleased that just a few months after announcing this incident, we have reached a speedy resolution with the FTC that holds Uber accountable for the mistakes of the past by imposing new requirements that reasonably fit the facts.”

In the terms of the new complaint, Uber has to submit all of the report from the company’s third-party audits of its privacy program, and not only the first report. Additionally, the company must retain all records related to bug bounty reports.

“After misleading consumers about its privacy and security practices, Uber compounded its misconduct by failing to inform the Commission that it suffered another data breach in 2016 while the Commission was investigating the company’s strikingly similar 2014 breach,” said Acting FTC Chairman Maureen K. Ohlhausen in a statement. “The strengthened provisions of the expanded settlement are designed to ensure that Uber does not engage in similar misconduct in the future.”

The revised agreement set forth by the FTC will go through a 30-day public comment period that will end on May 14th. That’s when the Commission will decide if it wants to make the proposal final.

Hamza Khalid

Hamza Khalid is the Lead Editor at The Jolt Journal. You're more than welcome to follow him on Twitter and follow The Jolt Journal on Twitter and Facebook. If you have any questions, concerns, or need to report something in this article, please send our team an email at [email protected]. This story may be updated at any time if new information surfaces.

At The Jolt Journal, no one tells us what to write or how to write it. This is why, in the era of lies and bias, readers turn to an independent source. Rest assured, all information on our website is free of any bias or influence. If you see anything wrong with a story, please don't hesitate to reach out. We do our very best to report on the latest available information.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.