Breach, Data Security

Uber settles 2016 data breach with cover-up admission

Share

Uber has entered a deal with the U.S. Department of Justice to avert any prosecution related to a massive data breach in 2016 by declaring efforts to cover up the incident that has compromised sensitive data from 57 million users and drivers, The Verge reports. Uber "admits that its personnel failed to report the November 2016 data breach to the [Federal Trade Commission] despite a pending FTC investigation into data security at the company," noted a release from the Justice Department. Stolen credentials have been leveraged by attackers to compromise Uber's private source code repository and secure a proprietary access key, which was then used to steal data from nearly 57 million users and 600,000 driver's license numbers but the breach was only disclosed by the company a year after the incident. Uber noted that it had paid $100,000 to its attackers. The Justice Department said that Uber will no longer be prosecuted after deciding to disclose the breach as well as inform the FTC regarding any future attacks. Uber has also settled the civil suit related to the attack for $148 million, according to the settlement.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.