Uber pays $148 million to settle data breach coverup

The settlement comes after a 10-month probe into a breach that exposed data from 57 million Uber accounts, including 600,000 driver’s licence numbers.

Ever wondered why Uber spent $3.9 billion on sales and marketing over the last six quarters, as revealed by GAAP filings. It wasn’t only to ensure that driver partners came on board, but also to ensure that the company's image as a disruptive tech business remained solid.

This week, the San Francisco-based company settled a $148 million penalty on allegations that emerged in 2016 that it intentionally concealed data breaches.

The settlement with 50 US states and Washington, D.C., is an expensive resolution to one of the biggest embarrassments and legal tangles the ride-hailing company is involved in.

The amount is the largest among attorneys general settlements in privacy cases. In 2017, a multi-state settlement with Target Corp over a breach in which data of 41 million people was stolen was $18.5 million.

Uber disclosed that it had paid hackers $100,000 to conceal a cybersecurity theft where email addresses and mobile phone numbers of over 50 million drivers were stolen. At least 12 percent of those numbers belonged to Uber drivers across the world. The digital thieves also managed to steal information on thousands of number plates.

The India factor

This becomes relevant in India as its driver partners and users demand data protection. India does not have a data protection law yet, but the Justice B N Krishna Committee report will be tabled in Parliament by the end of the year.

The report clearly states that no private agency can keep data of its users for more than six months. Private agencies have to ensure that they are compliant with data protection norms and ensure protection from theft, which means data will eventually have to be stored in an Indian data centre for international businesses operating out of India.

The committee has also recommended that citizens can take to court companies for misusing data, which was further solidified with the UIDAI Act judgment passed on.

“Data protection is going to become very important in India and organisations have to plan to safeguard consumer data. They cannot be lax about it anymore now that laws are coming in place,” says Smriti Tipirneni, Associate Partner, Burgeon.

Managing data is on top of most companies’ priority lists, and Uber is working to ensure that data remains secure. The last 10 months have seen Uber CEO Dara Khosrowshahi settle many controversies in the company, ranging from sexual allegations at the previous management, an exodus of top brass, and handling law suits from Alphabet over a self-driving car design.