Uber Technologies Inc. has admitted to getting hacked in 2016 that targeted more than 57 million drivers and passengers. To avoid criminal charges, the ride-hailing service made an agreement with U.S. prosecutors.
Uber has also confessed that although the agencies were investigating the company’s data security regarding ride-sharing, they failed to report the hacking in November 2016 to U.S. Federal Trade Commission due to a non-prosecution agreement.
Stephanie Hinds, the United States Attorney for the Northern District of California said in San Francisco that Uber waited for a year to report the security breach after placing new executive leadership. She further said that Uber was not charged criminally because of the new management that prompted the investigation. Along with this, Uber and Federal Trade Commission (FTC) had an agreement for maintaining a comprehensive privacy program for about 20 years.
Joseph Sullivan, the former security chief of Uber played an important role in hiding the information regarding this hack. He was charged in 2020 for hiding the data breach, with lawyers claiming that he paid $100,000 to hackers and made them sign non-disclosure agreements claiming that they didn’t participate in the hack.
Uber also paid about $148 million to 50 U.S. states and Washington D.C. back in 2018 to settle lawsuit claims as the company didn’t disclose the breach on time.