back to article Uber to dole out $148m settlement among US states over breach it paid $100k to bury

Uber will pay $148m to US state authorities in a settlement for the 2016 data breach that saw hackers steal information on 57 million people. The firm covered up the hack – which exposed names, email addresses and phone numbers of drivers and customers – for almost a year. It also attempted to bribe the thieves, offering them …

  1. Anonymous Coward
    Anonymous Coward

    Submit to an External-Audit because that worked so well before - Business as usual then Uber? - FFS!

    This fine and all the others to come, just the cost of doing business:

    1. GnuTzu

      Re: Submit to an External-Audit because that worked so well before - PCI DSS

      Yeah, I've seen auditors browbeaten into submission. There's a fundamental conflict of interest in the PCI DSS standard simply because external auditors can be replaced if they get too finicky. But, what do you expect from a regulatory standard created by the banking industry.

  2. Anonymous Coward
    Anonymous Coward

    Which single law was broken?

    "...deliberate disregard of the law."

    Which law was broken? It sounds like Uber broke 1 law, I assume that was bribery, unless that is legal then it must of been another law.

    1. Robert Helpmann??
      Paris Hilton

      Re: Which single law was broken?

      That information was linked in the article, but for this particular issue (emphasis added), just keep reading...

      "California Attorney General Xavier Becerra and San Francisco District Attorney George Gascón today announced a $148 million nationwide settlement resolving allegations that Uber Technologies, Inc. (Uber) violated state data breach reporting and reasonable data security laws in connection with its 2016 breach of driver and customer data. Uber is accused of exposing 57 million users’ data and paying hackers to cover up the breach rather than reporting it to proper authorities. "

      It doesn't stop there, of course. This page has a number of examples:

      More telling is that there is a Wikipedia page set up for this very topic:

      1. Anonymous Coward
        Anonymous Coward

        Re: Which single law was broken?

        Well, I did read the whole thing. I'm used to seeing the actual wording of the law(s) on here (the relative section at least). Dunno, maybe it's just too much text to paste in, laws can't get lengthy (especially the interpretation of). However, I like to see these laws as the laws of privacy are on a new front and seem to amend frequently.

        I'll check your links, but I'm not a fan of Uber's practices and I am still wondering if they broke only 1 law (not that it matters as judgement has been given).

  3. Wellyboot Silver badge

    No jail time for deliberate deception

    Somebody senior should be wearing orange, then we may believe they'll obey the law in future.

    1. GnuTzu

      Re: No jail time for deliberate deception -- And You Know Why

      As long as bigger corporations fear reasonable punishment and have influence over the lawmakers, we'll never see laws that do anything other than reward the crimes and negligence of CEO's.

  4. Anonymous Coward
    Anonymous Coward

    An absolute shower with no scruples

    Should be run out of town - EVERY town!

  5. ma1010

    It's just plain ILLEGAL

    Companies in California and throughout the nation are entrusted with customers' valuable private information. This settlement broadcasts to all of them that we will hold them accountable to protect their data.

    That's damn right, Uber! You can't GIVE away customers' valuable private information. You have to SELL it on to as many useless assbags as possible who will use it for endless spam and "targeted advertising" instead!

    What was that about data protection laws that say you can't just sell everyone's data? Yeah, that's some sort of European thing, maybe, but no such limits here in the USA!

  6. EveryTime

    The fine seems high, but not excessive for how clear-cut the offense was.

    If the people involved are consistently able to avoid criminal liability for breaking the law, then only painfully high fines will keep management and the board from making cynically corrupt decisions.

  7. JCitizen

    Eye exam??

    What difference would it make if Uber conducted an eye exam over the internet or not. If your driver has to have a state driver license, they already took an eye exam at the DMV. Seems stupid to even mention it! Perhaps they are referring to countries with lax laws?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like