Uber has acknowledged concealing a significant data breach that occurred in 2016, compromising the information of around 57 million users and 600,000 drivers’ license numbers.

The Cover-Up

The ride-hailing giant reached a non-prosecution agreement with federal prosecutors to settle a criminal investigation into the concealment of the 2016 data breach, as disclosed by the US Department of Justice.

Admission of Concealment

Uber confessed to hiding the 2016 data breach from the Federal Trade Commission (FTC), despite the FTC having an ongoing investigation into the company’s data security practices at the time. According to the Justice Department, Uber’s personnel failed to report the breach to the FTC.

Breach Details

The breach involved hackers using stolen credentials to access a private source code repository and acquire a private access key. With this access, they copied substantial amounts of data associated with Uber’s users and drivers.

Delayed Reporting

The breach remained undisclosed to the FTC for almost a year until new executive leadership took over the company. Only then was the breach reported to the regulatory authorities.

Legal Settlement

Uber settled civil litigation with the attorneys general from all 50 states and the District of Columbia related to the 2016 data breach. The settlement amounted to $148 million, coupled with an agreement to implement a corporate integrity program.

Recent Revelations

In addition to the data breach, internal Uber documents were leaked, suggesting that the company may have violated laws and engaged in clandestine lobbying efforts to expand its global presence.

Uber’s admission of covering up the data breach underscores the importance of transparency and accountability in handling cybersecurity incidents, especially concerning the privacy and security of users’ data.