Uber Avoids Criminal Charges by Admitting to Data Breach Cover-Up
The breach occurred in October 2016 when a group of hackers used stolen credentials to obtain an internal access key, which they then used to gain hold of approximately 57 million user records. These records included users’ names, email addresses, and phone numbers, as well as about 600,000 driver’s license numbers. Though the hackers didn’t obtain any Social Security numbers, credit card details, or trip details, how Uber responded to the breach is what brings them to their situation today.
Uber reportedly paid the hackers a $100,000 ransom not only to delete the data they’ve obtained, but also to keep the breach hidden from regulators and the media. Dara Khosrowshahi had just replaced the infamous Travis Kalanick as CEO and was navigating the company through a series of federal investigations, most of which focused on separate alleged privacy violations. Under the terms of the investigations, Uber was required to inform regulators of any “unauthorized access to personal information.” It didn’t comply.
Uber successfully hid the breach from regulators for over a year before Khosrowshahi publicly acknowledged the breach. In November 2017, the freshly-appointed CEO wrote a statement detailing the company’s “failure to notify affected individuals or regulators” and promising to notify affected users. The statement coincided with a “damning” Bloomberg report about the breach and its subsequent cover-up.
The news of the cover-up sparked a new investigation involving the Federal Trade Commission (FTC), the Federal Bureau of Investigations (FBI), state attorneys general, and foreign and domestic regulators. Up until last week, it remained possible that Uber could be held criminally liable for concealing the breach and violating its agreement to disclose security issues to regulators already investigating the company. But the company has avoided criminal charges via a non-prosecution agreement, which it entered into last Friday.
The agreement acknowledges that since Khosrowshahi’s appointment, Uber has “invested substantial resources to significantly restructure and enhance the company’s compliance, legal, and security functions.” It also publicizes a 20-year agreement between Uber and the FTC, in which the rideshare company promised to uphold a comprehensive privacy program and disclose any future consumer data breaches to the agency. According to the agreement, Uber settled any civil liability concerns through a $148 million settlement with the attorneys general for all 50 States, as well as an agreement to implement various internal security and review measures.
Violating any of these terms across the next two decades will put Uber back at square one, where it might face criminal prosecution all over again. But the company has surely learned its lesson…right?
Continue reading
The PlayStation 5 Will Only Be Available Online for Launch Day
The PlayStation 5 isn't going to be available in stores on launch day, and if you want to pick up an M.2 SSD to expand its storage, you'll have some time to figure out that purchase.
Microsoft: Bethesda Games ‘Either First or Better’ on Xbox, Not Exclusive
Microsoft's Tim Stuart doesn't think the company will try to cut PS5 gamers out of future Bethesda titles. The company wants Xbox to be the best destination for its games, but not the only one.
Beyond Zoom: Virtual Gathering Spaces for the Holidays and Beyond
Software is not yet available for a complete metaverse experience, but there are some promising new communication platforms that might provide an intermediate step between Zoom and a full-blown metaverse.
FDA Approves New Eye Drops that Could Replace Glasses for Millions
A first-of-its-kind type of eye drop offers the tantalizing benefit of never needing reading glasses ever again.