Uber admits covering up 2016 hacking, avoids prosecution in U.S. settlement
The Hindu
Prosecutors said a former security chief arranged to pay the hackers $100,000 in Bitcoin to cover up the incident
Uber Technologies Inc on Friday accepted responsibility for covering up a 2016 data breach that affected 57 million passengers and drivers, as part of a settlement with U.S. prosecutors to avoid criminal charges.
(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)
In entering a non-prosecution agreement, Uber admitted that its personnel failed to report the November 2016 hacking to the U.S. Federal Trade Commission, even though the agency had been investigating the ride-sharing company’s data security.
U.S. Attorney Stephanie Hinds in San Francisco said Uber waited about a year to report the breach, after installing new executive leadership who “established a strong tone from the top” regarding ethics and compliance.
Hinds said the decision not to criminally charge Uber reflected new management’s prompt investigation and disclosures, and Uber’s 2018 agreement with the FTC to maintain a comprehensive privacy program for 20 years.
The San Francisco-based company is also cooperating with the prosecution of a former security chief, Joseph Sullivan, over his alleged role in concealing the hacking.
Uber did not immediately respond to requests for comment.