Before the authorities, and in order to avoid any prosecution, Uber assumes responsibility for having concealed a hacking of confidential data.
For nearly a year, Uber covered up a breach of confidential data
In November 2016, Uber suffered a cyberattack that compromised the data security of more than 57 million users of its services. By accessing a private GitHub account used by Uber engineers, the hackers then recovered credentials allowing them to access an Amazon Web Services account containing a lot of information. This data theft allowed hackers to recover the names, email addresses, phone numbers, and driver’s license numbers of 7 million Uber drivers and 50 million customers around the world.
At that time, the law required Uber to alert the Federal Trade Commission (FTC), which would have launched criminal proceedings and an investigation to find out the ins and outs of this data theft. But the firm will take another decision: it will hide this theft for almost a year . At the same time, Joseph Sullivan, former head of security at Uber, will give the hackers $100,000 by making them sign a confidentiality agreement.
Thanks to the responsiveness of the new management, Uber will not be sued
Federal prosecutor Stephanie Hinds told Reuters it took a year and the arrival of new, much stricter privacy and ethics management to report the breach. In November 2017, the management of Uber is renewed, and changes policy. She publicly reveals that this data was stolen.
Quickly, the American authorities and the 50 States begin heated discussions with the company which tries to find a solution. They recognize that the new management of Uber did not hesitate to publicly reveal the hack, unlike the previous one, which will allow it to reach an agreement, and not be sued.
In September 2018, an agreement was reached: Uber had to pay the sum of 148 million dollars in order to put an end to this story. The group now recognizes that its teams did not report the data breach when it occurred and that this act was deliberate. Since 2018, a comprehensive 20-year privacy program has been signed by the firm with the Federal Trade Commission.