Illinois Attorney General Lisa Madigan announced a settlement today between Uber Technologies, Inc. and all 50 states and the District of Columbia.
Uber has agreed to pay $148 million and take steps to tighten data security after the ride-hailing company failed for a year to notify drivers that hackers had stolen their personal information.
โUber completely disregarded Illinoisโ breach notification law when it waited more than a year to alert people to a serious data breach,โ Madigan said.
Madigan said that although Uber is now taking appropriate steps, โthe companyโs initial response was unacceptable. Companies cannot hide when they break the law.โ
Uber learned in November 2016 that hackers had accessed personal data, including driverโs license information, for roughly 600,000 Uber drivers in the U.S. The company acknowledged the breach in November 2017, saying it paid $100,000 in ransom for the stolen information to be destroyed.
Tony West, chief legal officer for Uber, said the decision by current managers was โthe right thing to do.โ
โIt embodies the principles by which we are running our business today: transparency, integrity, and accountability,โ West said.
The hack also took the names, email addresses and cell phone number of 57 million riders around the world.
All 50 states and the District of Columbia sued Uber, saying the company violated laws requiring it to promptly notify people affected by the breach.