Uber Admits To Data Breach Cover-Up & Enters Agreement With DOJ

Uber admitted to covering up a 2016 data breach, during which hackers gained access to nearly 60 million user records and hundreds of thousands of drivers’ license numbers.

The admission is part of a non-prosecution agreement between Uber Technologies, Inc. and federal prosecutors, US Department of Justice authorities announced Friday.

“As part of a non-prosecution agreement to resolve the investigation, Uber admitted to and accepted responsibility for the acts of its officers, directors, employees, and agents in concealing its 2016 data breach from the Federal Trade Commission (“FTC”), which at the time of the 2016 breach had a pending investigation into the company’s data security practices,” the U.S. Attorney’s Office said in a news release.

The company will have to pay $148 million in settlement fees and agreed to implement a new corporate integrity program, data security safeguards and data breach notification plans, among other mandated reforms, authorities said.

Hackers responsible for the 2016 breach used stolen credentials to access a private source code repository and obtain a private access key. The hackers then used that key to access and copy large quantities of data associated with Uber’s users and drivers, including approximately 57 million user records and 600,000 drivers’ license numbers.

Want more news? Subscribe to CPI’s free daily newsletter for more headlines and updates on antitrust developments around the world.