Uber Avoids Criminal Charges by Admitting to Data Breach Cover-Up
The breach occurred in October 2016 when a group of hackers used stolen credentials to obtain an internal access key, which they then used to gain hold of approximately 57 million user records. These records included users’ names, email addresses, and phone numbers, as well as about 600,000 driver’s license numbers. Though the hackers didn’t obtain any Social Security numbers, credit card details, or trip details, how Uber responded to the breach is what brings them to their situation today.
Uber reportedly paid the hackers a $100,000 ransom not only to delete the data they’ve obtained, but also to keep the breach hidden from regulators and the media. Dara Khosrowshahi had just replaced the infamous Travis Kalanick as CEO and was navigating the company through a series of federal investigations, most of which focused on separate alleged privacy violations. Under the terms of the investigations, Uber was required to inform regulators of any “unauthorized access to personal information.” It didn’t comply.
Uber successfully hid the breach from regulators for over a year before Khosrowshahi publicly acknowledged the breach. In November 2017, the freshly-appointed CEO wrote a statement detailing the company’s “failure to notify affected individuals or regulators” and promising to notify affected users. The statement coincided with a “damning” Bloomberg report about the breach and its subsequent cover-up.
The news of the cover-up sparked a new investigation involving the Federal Trade Commission (FTC), the Federal Bureau of Investigations (FBI), state attorneys general, and foreign and domestic regulators. Up until last week, it remained possible that Uber could be held criminally liable for concealing the breach and violating its agreement to disclose security issues to regulators already investigating the company. But the company has avoided criminal charges via a non-prosecution agreement, which it entered into last Friday.
The agreement acknowledges that since Khosrowshahi’s appointment, Uber has “invested substantial resources to significantly restructure and enhance the company’s compliance, legal, and security functions.” It also publicizes a 20-year agreement between Uber and the FTC, in which the rideshare company promised to uphold a comprehensive privacy program and disclose any future consumer data breaches to the agency. According to the agreement, Uber settled any civil liability concerns through a $148 million settlement with the attorneys general for all 50 States, as well as an agreement to implement various internal security and review measures.
Violating any of these terms across the next two decades will put Uber back at square one, where it might face criminal prosecution all over again. But the company has surely learned its lesson…right?
Continue reading
FTC Files Antitrust Case to Break Up Facebook
New York Attorney General Letitia James has announced a major antitrust case against Facebook, which will be joined by 47 other state and regional AGs. And that's not all: the Federal Trade Commission (FTC) is filing a separate case against Facebook later today.
Cyberpunk 2077 Save Files Will Break Forever If You Collect Too Many Items
Gamers have griped loudly about the bugs and performance issues, and there's a new issue to note today: if you collect too many in-game items, your save file will break forever.
Intel Records Record-Breaking 2020, Will Build ‘Most’ 7nm in Its Own Fabs
Intel broke revenue records for full year 2020 and saw client computing sales surge for the year. It didn't give exact specifics on 7nm, but it did update us on the broad shape of things.
Google Will Use Pixel’s Camera to Measure Heart Rate and Breathing
Like many of Google's machine learning projects, this one is coming first to Pixel phones, and more phones will probably get it down the line.