Uber Agrees to Record $148M Settlement for 2016 Data Breach

Uber Settles Data Breach Case for $148 Million
[Image: A gavel resting on legal documents with the Uber logo in the background. Caption: Uber faces a multi-state settlement over a concealed 2016 data breach.]

Uber has agreed to pay $148 million to settle an investigation into its handling of a 2016 data breach affecting 57 million users and drivers. The settlement, split among all 50 states and Washington, D.C., is the largest multi-state data breach resolution in U.S. history, according to New York Attorney General Barbara Underwood.

What Happened?
In 2016, hackers stole personal data, including driver’s license numbers and email addresses. Uber allegedly paid the hackers $100,000 to delete the information and failed to disclose the breach until November 2017. The company also settled with the Federal Trade Commission (FTC) in April 2018 over claims of deceptive privacy practices.

Terms of the Settlement
Uber must:

• Create a corporate integrity program for ethical employee reporting.
• Adopt stricter data security and breach notification protocols.
• Hire an independent auditor to review its practices.

[Image: Infographic showing timeline: 2016 breach → 2017 disclosure → 2018 settlements.]

Accountability & Reforms
New York AG Underwood emphasized the message: “We have zero tolerance for companies exploiting consumer data.” New York will receive $5.1 million of the settlement.

Uber’s Chief Legal Officer Tony West stated the company now prioritizes “transparency, integrity, and accountability,” citing improved data protections. The ride-share giant has also expanded its leadership team, hiring Ruby Zefo as Chief Privacy Officer and Matt Olsen as Chief Trust and Security Officer in 2018.

This settlement marks Uber’s ongoing effort to rebuild trust after years of scandals.

CNNMoney (New York) | September 26, 2018

Note: Imagery suggestions include a legal-themed visual for the settlement and a timeline infographic to simplify key events.