Uber Avoids Criminal Charges by Admitting to Data Breach Cover-Up
The breach occurred in October 2016 when a group of hackers used stolen credentials to obtain an internal access key, which they then used to gain hold of approximately 57 million user records. These records included users’ names, email addresses, and phone numbers, as well as about 600,000 driver’s license numbers. Though the hackers didn’t obtain any Social Security numbers, credit card details, or trip details, how Uber responded to the breach is what brings them to their situation today.
Uber reportedly paid the hackers a $100,000 ransom not only to delete the data they’ve obtained, but also to keep the breach hidden from regulators and the media. Dara Khosrowshahi had just replaced the infamous Travis Kalanick as CEO and was navigating the company through a series of federal investigations, most of which focused on separate alleged privacy violations. Under the terms of the investigations, Uber was required to inform regulators of any “unauthorized access to personal information.” It didn’t comply.
Uber successfully hid the breach from regulators for over a year before Khosrowshahi publicly acknowledged the breach. In November 2017, the freshly-appointed CEO wrote a statement detailing the company’s “failure to notify affected individuals or regulators” and promising to notify affected users. The statement coincided with a “damning” Bloomberg report about the breach and its subsequent cover-up.
The news of the cover-up sparked a new investigation involving the Federal Trade Commission (FTC), the Federal Bureau of Investigations (FBI), state attorneys general, and foreign and domestic regulators. Up until last week, it remained possible that Uber could be held criminally liable for concealing the breach and violating its agreement to disclose security issues to regulators already investigating the company. But the company has avoided criminal charges via a non-prosecution agreement, which it entered into last Friday.
The agreement acknowledges that since Khosrowshahi’s appointment, Uber has “invested substantial resources to significantly restructure and enhance the company’s compliance, legal, and security functions.” It also publicizes a 20-year agreement between Uber and the FTC, in which the rideshare company promised to uphold a comprehensive privacy program and disclose any future consumer data breaches to the agency. According to the agreement, Uber settled any civil liability concerns through a $148 million settlement with the attorneys general for all 50 States, as well as an agreement to implement various internal security and review measures.
Violating any of these terms across the next two decades will put Uber back at square one, where it might face criminal prosecution all over again. But the company has surely learned its lesson…right?
Continue reading
Hubble Examines 16 Psyche, the Asteroid Worth $10,000 Quadrillion
Researchers just finished an ultraviolet survey of 16 Psyche, the ultra-valuable asteroid NASA plans to visit in 2026.
PS5 Temperature Measurements Reveal Potential Trouble Spot
The PS5's bottom-mounted RAM gets much warmer than the top.
Hubble Finds Exoplanet That Could Mirror Planet Nine
The planet, known as HD 106906 b, is 11 times the mass of Jupter, and it orbits the binary stars at a distance of nearly 68 billion miles — 730 times greater than the distance between Earth and the sun. Astronomers believe this frigid world could serve as a proxy to help us understand the hypothetical Planet Nine in our own solar system.
NASA Delays Lunar Contracts, Casting Doubt on 2024 Moon Landing
Many observers expected this move based on the funding approved by Congress and the ongoing effects of the pandemic, but it's still a disappointment for anyone who held out hope for a 2024 landing.