As part of a plea with US authorities to avoid criminal charges, Uber Technologies Inc. took responsibility for concealing a 2016 data breach that affected 57 million users and drivers on Friday.
In a non-prosecution agreement, Uber acknowledged that, despite the Federal Trade Commission’s ongoing investigation into the ride-sharing company’s data security, its staff did not notify it of the hacking in November 2016.
After appointing new executive leadership that “established a strong tone from the top” about ethics and compliance, Uber allegedly waited roughly a year to notify the hack, according to U.S. Attorney Stephanie Hinds in San Francisco.
Hinds claimed that Uber’s 2018 agreement with the FTC to maintain a thorough privacy programme for 20 years and new management’s swift inquiry and disclosures were key factors in the decision not to prosecute the company.
The San Francisco-based business is also supporting the prosecution of Joseph Sullivan, a former security chief, for his alleged role in covering up the hacking.
Requests for comment from Uber did not immediately receive a response.
Sullivan was first charged in September of 2020. According to the prosecution, Sullivan set up a $100,000 bitcoin payment to the hackers in exchange for them signing nondisclosure agreements that falsely claimed they had not taken any data.
To read our blog on “Uber drivers will not be able to cancel your ride frequently,” click here.